23 February 2016
SAML – Security Assertion Markup Language – Yep, it's broken.
Glyn Wintle (@glynwintle)
Glyn will explain how SAML works (yes, there will be lots of xkcd cartoons), cover the flaws found in standard deployments and give examples from most implementations, walk through some of the attack techniques that work against any XML-based protocol and digital signatures, and then go deeper into some more technobabble just for you.
Security Assertion Markup Language (SAML, pronounced sam-el) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. Think enterprise single sign-on, used by governments, large companies and web sites; what could possibly go wrong?
If you would like to provide a talk please drop a message to firstname.lastname@example.org (We have a projector with HDMI & VGA inputs if you want to show slides.)