SAML

From MgmtWiki

Jump to: navigation, search

Contents

1 Full Title or Meme
2 Problems
3 Vulnerabilities
4 References

Full Title or Meme

Security Assertion Markup Language is a collection of standards used in Identifier Management

Problems

There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.

Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.

Vulnerabilities

The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.^[1] "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy Single Sign-On (SSO) benefits to all the trusted environments in such federation."

References

↑ Shaked Reiner, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=SAML&oldid=21111"