SAML
From MgmtWiki
Full Title or Meme
Security Assertion Markup Language is a collection of standards used in Identifier Management
Problems
There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.
- Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
- Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.
Vulnerabilities
- The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.[1] "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy SSO benefits to all the trusted environments in such federation."
References
- ↑ Shaked Reiner, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps