SAML

From MgmtWiki
Revision as of 16:36, 17 June 2024 by Tom (talk | contribs)

Jump to: navigation, search

Full Title or Meme

Security Assertion Markup Language is a collection of standards used in Identifier Management

Problems

There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.

  • Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
  • Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.

Vulnerabilities

  • The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.[1] "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy SSO benefits to all the trusted environments in such federation."

References

  1. Shaked Reiner, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps