Chan, 2006 - Google Patents

Weakest link attack on single sign-on and its case in SAML v2.0 web SSO

Chan, 2006

Document ID
18220965833273873076
Author
Chan Y
Publication year
Publication venue
International Conference on Computational Science and Its Applications

Snippet

In many of the single sign-on (SSO) specifications that support multitiered authentication, it is not mandatory to include the authentication context in a signed response. This can be exploited by the adversaries to launch a new kind of attack specific to SSO systems. In this …

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/083: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
    • H04L63/0838: Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Similar Documents

Publication Publication Date Title
Naik et al. Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect
Carretero et al. Federated identity architecture of the European eID system
US20200106766A1 (en) Method and system for security assertion markup language (saml) service provider-initiated single sign-on
US10454949B2 (en) Guarding against cross-site request forgery (CSRF) attacks
US8832857B2 (en) Unsecured asset detection via correlated authentication anomalies
US20100269149A1 (en) Method of web service and its apparatus
US9548982B1 (en) Secure controlled access to authentication servers
JP2001229078A (en) Authorization infrastructure based on public key cryptography
US20210084020A1 (en) System and method for identity and authorization management
Pfitzmann et al. Federated identity-management protocols
Mohamed et al. Adaptive security architectural model for protecting identity federation in service oriented computing
Bazaz et al. A review on single sign on enabling technologies and protocols
US11601431B2 (en) Split-tiered point-to-point inline authentication architecture
Simpson Toward a zero trust metric
Saravanan et al. A New Framework for Microservices with Single Sign-On, Security Assertion Markup Language and OpenID Connect
Maidine et al. Cloud identity management mechanisms and issues
Chan Weakest link attack on single sign-on and its case in SAML v2.0 web SSO
Farrell API Keys to the Kingdom
Groß et al. Proving a WS-Federation passive requestor profile with a browser model
Maidine et al. Key mechanisms and emerging issues in cloud identity systems
James Web single sign-on systems
Indrakanti Service Oriented Architecture Security Risks and their Mitigation
Hosseyni et al. Formal security analysis of the OpenID FAPI 2.0 Security Profile with FAPI 2.0 Message Signing, FAPI-CIBA, Dynamic Client Registration and Management: technical report
Beshiri et al. Security issues in the RESTful API (service) using OAuth 2.0 for authentication and authorization
Ofleh Future of Identity and Access Management: The OpenID Connect Protocol