[HN Gopher] Ruby-SAML pwned by XML signature wrapping attacks
       ___________________________________________________________________
        
       Ruby-SAML pwned by XML signature wrapping attacks
        
       Author : ucarion
       Score  : 11 points
       Date   : 2024-09-18 21:59 UTC (1 hours ago)
        
 (HTM) web link (ssoready.com)
 (TXT) w3m dump (ssoready.com)
        
       | caust1c wrote:
       | I know very little about XML and SAML, but from what little I do
       | know it shocks me that it's still the de-facto standard for SSO.
       | 
       | Great analysis and thanks for sharing!
        
         | tptacek wrote:
         | It should not be, and people should use OIDC in preference to
         | it wherever they can.
        
       ___________________________________________________________________
       (page generated 2024-09-18 23:00 UTC)