ralala | 1 year ago

OIDC is newer and many of the issues with SAML were addressed in the architecture. However I'm curious to hear which attack vectors you are thinking about.

tptacek | 1 year ago

Most obviously, the precarity of XMLDSIG.

ralala | 1 year ago

This is where artifact binding can greatly increase the security….

Browser sends artifact to RP, RP fetches assertion from IdP via HTTPS, afterwards verifies the signature.

Signature verification is not implemented correctly? The attacker still needs to break HTTPS…. And then you would have a big problem anyway.
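An added example, not part of the thread: the RP-side check that gives the artifact flow described above its value, namely that the back-channel fetch goes only to an IdP endpoint taken from local configuration over HTTPS. It assumes the SAML 2.0 type 0x0004 artifact layout (type code, endpoint index, SHA-1 SourceID, message handle); the entity ID, URL and function names are hypothetical, and the assertion's signature is still verified after the fetch.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Constructed RP configuration: entity ID -> {endpoint index: resolution URL}.
TRUSTED_IDPS = {
    "https://idp.example.test/metadata": {0: "https://idp.example.test/saml/resolve"},
}


class ArtifactError(ValueError):
    """Raised when an artifact must not be resolved."""


def source_id(entity_id: str) -> bytes:
    # Type 0x0004 artifacts carry SHA-1(issuer entityID) as the 20-byte SourceID.
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def resolve_target(artifact_b64: str, idps=TRUSTED_IDPS):
    """Return (entity_id, resolution_url, message_handle) for a trusted artifact."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except ValueError as exc:
        raise ArtifactError("artifact is not valid base64") from exc
    if len(raw) != 44:
        raise ArtifactError("type 0x0004 artifact must be 44 bytes")
    if raw[0:2] != b"\x00\x04":
        raise ArtifactError("unsupported artifact type code")
    endpoint_index = int.from_bytes(raw[2:4], "big")
    sid, handle = raw[4:24], raw[24:44]
    for entity_id, endpoints in idps.items():
        if sid != source_id(entity_id):
            continue
        # The URL comes from local configuration, never from the browser request.
        url = endpoints.get(endpoint_index)
        if url is None:
            raise ArtifactError("no resolution endpoint at that index")
        if urlsplit(url).scheme != "https":
            raise ArtifactError("artifact resolution must use HTTPS")
        return entity_id, url, handle
    raise ArtifactError("artifact SourceID matches no configured IdP")


def make_artifact(entity_id: str, index: int, handle: bytes) -> str:
    # Builds constructed sample artifacts for experimenting with resolve_target().
    raw = b"\x00\x04" + index.to_bytes(2, "big") + source_id(entity_id) + handle
    return base64.b64encode(raw).decode("ascii")
```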