SAML Artifact Information Flow Revisited

Authors

  • Thomas Groß
  • Birgit Pfitzmann
Abstract

The standardized OASIS Security Assertion Markup Language (SAML) has become one of the most widely deployed frameworks in federated identity management, even though it focuses only on single sign-on. Answering industry's pursuit of reduced user-management costs, and enabling cost-efficient deployment through its browser-based profiles, SAML is expected to become widely used soon. With the revision to Version 2.0, SAML's browser/artifact profile in particular has gained new security measures that defeat old vulnerabilities. We analyze this profile and focus on the problem of artifact information flow. We devise a concrete exploit to demonstrate the impact of this problem. We address it with a new browser/artifact profile called Janus. The innovation is to split the artifact into two independent shares that have different information flow in a standard web browser. This new method defeats artifact information flow efficiently without relying on assumptions about the artifact lifetime.

Similar resources

SAML Privacy-Enhancing Profile

We present the SAML Privacy-Enhancing (PE) profile which empowers users to take control of the authentication process and their personal data. Users have the full control of the application flow and get detailed information about the involved participants and the revealed attributes. This enables users to give informed consent for the authentication. The new profile builds on well-established s...

Security Analysis of the SAML Single Sign-on Browser/Artifact Profile

Many influential industrial players are currently pursuing the development of new protocols for federated identity management. The Security Assertion Markup Language (SAML) is an important standardized example of this new protocol class and will be widely used in business-to-business scenarios to reduce user-management costs. SAML utilizes a constraint-based specification that is a popular desig...

On Breaking SAML: Be Whoever You Want to Be

The Security Assertion Markup Language (SAML) is a widely adopted language for making security statements about subjects. It is a critical component for the development of federated identity deployments and Single Sign-On scenarios. In order to protect the integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm...

The “Man with Serpents” revisited. On a Figurated Pin from the Bronze Age Site of Shahdad (Kerman, Iran)

We discuss a figured pin from Shahdad, previously well known but published with a partial and unsatisfactory drawing. More detailed observations and a new, more realistic recording of this important artifact reconsider its stylistic and iconographic links with the imagery of the Halil Rud civilization and the eastern Iranian Plateau in general, and, at its opposite cultural poles, with Mesopot...

On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security

In recent research, two approaches to protect SAML based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives...

Publication date: 2006