Several sources have recently reported the discovery of a ‘flaw’ in certain SAML implementations that could allow a ‘bad actor’ to alter the identity carried in a Single Sign-On SAML assertion and legitimately log in as a different user as reported by TechTarget. Wow – that’s bad! That was my initial reaction, and I envisioned
Dangerous SAML SSO vulnerability?
