
SAML Security Issues?

Anyone had any experience with trying to validate the security of the Salesforce SAML?


Minute 17.50 asserts that Salesforce has a security vulnerability to XML signature wrapping attacks if SAML is used for signing in. I've tried to ask Salesforce about the potential concerns, but I haven't heard anything back in a couple of days.


We are keen to deploy SAML-based authentication in our org to address other IT concerns.

Has anyone out there used SAML and taken a deep dive to ensure that the SFDC implementation of SAML has been secured since this conference on YouTube?



BrendanO

was immune to the signature wrapping attack described approximately one year prior to that being presented. The security team worked closely with the researcher and discovered variants of the original attack that applied to other open source SAML implementations. All of this information was responsibly disclosed and addressed well before being presented publicly.