Reply to post: Only vulnerable if you use HTTP-POST binding

XM-Hell strikes single-sign-on systems: Bugs allow miscreants to masquerade as others

Tom 38

Only vulnerable if you use HTTP-POST binding

Only vulnerable if you use HTTP-POST binding to deliver the SamlResponse to the service provider; if you are using other bindings like HTTP-Artifact, then there is no chance for the response to be modified.

Admittedly, that is the most common - I don't know why, it makes the client requirements so much stronger.
