• BrendanO
  • 0 Points
  • Member since 2013

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
  • 1

Anyone had any experience with trying to validate the security of the Salesforce SAML?  




Minute 17.50 asserts that salesforce has a security vulnerability to XML signature wrapping attacks if SAML is used for signing in.  I've tried to ask Salesforce about the potential concerns, but I haven't heard anything back in a couple of days.


We are keen to deploy SAML based authentication in our org to address other IT concerns. 

Has anyone out there used SAML and taken a deep dive to ensure that the SFDC implementation of SAML has been secured since this conference on youtube?