OneMeggitt

SAML Security Issues?

Anyone had any experience with trying to validate the security of the Salesforce SAML?  

 

http://www.youtube.com/watch?v=7FP3GXWwnhw

 

Minute 17.50 asserts that Salesforce has a security vulnerability to XML signature wrapping attacks if SAML is used for signing in. I've tried to ask Salesforce about the potential concerns, but I haven't heard anything back in a couple of days.

 

We are keen to deploy SAML based authentication in our org to address other IT concerns. 

Has anyone out there used SAML and taken a deep dive to ensure that the SFDC implementation of SAML has been secured since this conference on YouTube?

 

 

BrendanO

Salesforce.com was immune to the signature wrapping attack described approximately one year prior to that being presented. The Salesforce.com security team worked closely with the researcher and discovered variants of the original attack that applied to other open source SAML implementations. All of this information was responsibly disclosed and addressed well before being presented publicly.
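
For readers validating their own SAML service provider against signature wrapping, the following is an added example, not part of this thread and not Salesforce's code. It shows the structural checks that accompany cryptographic signature verification, assuming a policy that requires a signed assertion with an enveloped signature; the function name and the sample documents are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def wrapping_findings(response_xml):
    """Structural checks an SP runs alongside (not instead of) cryptographic
    signature verification. Returns a list of reasons to reject."""
    # Production code should use a hardened XML parser; ElementTree is used
    # here only to keep the example dependency-free.
    root = ET.fromstring(response_xml)
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if len(ids) != len(set(ids)):
        return ["duplicate ID attribute values"]
    # Exactly one Assertion in the whole tree, and it is a direct child.
    nested = list(root.iter("{%s}Assertion" % SAML))
    direct = root.findall("saml:Assertion", NS)
    if len(nested) != 1 or len(direct) != 1:
        return ["expected exactly one Assertion, directly under Response"]
    assertion = direct[0]
    refs = assertion.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    # The signature must be enveloped in, and point at, the very element
    # whose Subject and attributes the application will go on to read.
    if not assertion.get("ID") or len(refs) != 1:
        return ["Assertion has no ID or no single enveloped Signature"]
    if refs[0].get("URI") != "#" + assertion.get("ID"):
        return ["Signature Reference does not cover the consumed Assertion"]
    return []

# Constructed samples (no real signatures; structure only).
def _response(body):
    return ('<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:a="%s" xmlns:ds="%s" ID="_r1">%s</p:Response>'
            % (SAML, NS["ds"], body))

def _assertion(aid, ref, user):
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/>'
           '</ds:SignedInfo></ds:Signature>' % ref) if ref else ""
    return ('<a:Assertion ID="%s">%s<a:Subject><a:NameID>%s</a:NameID>'
            '</a:Subject></a:Assertion>' % (aid, sig, user))

GOOD = _response(_assertion("_a1", "_a1", "alice@example.com"))
TWO_ASSERTIONS = _response(_assertion("_a2", None, "bob@example.com")
                           + _assertion("_a1", "_a1", "alice@example.com"))
MISMATCHED_REF = _response(_assertion("_a2", "_a1", "bob@example.com"))

if __name__ == "__main__":
    for name in ("GOOD", "TWO_ASSERTIONS", "MISMATCHED_REF"):
        print(name, wrapping_findings(globals()[name]))
```

These checks only establish that the element being consumed is the one the signature references; the signature itself still has to be verified against the identity provider's trusted certificate.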