Ancestors

Written by Matt Cengia on 2025-01-21 at 04:38

"We don't have SAML support and we probably never will because SAML is a remote exploit that happens to sign you into web services" -- @firstyear on kanidm #EverythingOpen


Written by Matt Cengia on 2025-01-21 at 05:29

@firstyear (I don't know if this applies to any particular version of SAML; this context was not provided.)


Toot

Written by Firstyear on 2025-01-21 at 12:29

@mattcen SAML requires untrusted XML to be parsed, then modified, then canonicalised, then the signature is validated, then parsed again.

The surface area for mistakes here is .... large.

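An added example, not part of the thread and not kanidm's or any SAML library's code: the five steps named in the toot above, written as a verifier that only hands the application data re-parsed from the bytes the signature covered. Assumptions: an HMAC with a constructed key stands in for the XML-DSig signature, and the element names are simplified rather than taken from the SAML schema.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for XML-DSig
# Constructed sample; element names are simplified, not the SAML schema.
UNSIGNED = '<Assertion ID="a1" Issuer="idp.example"><Subject>alice</Subject></Assertion>'


def _canon(root):
    """Serialise an element tree as Canonical XML bytes."""
    return ET.canonicalize(ET.tostring(root, encoding="unicode")).encode("utf-8")


def _mac(data):
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def issue(unsigned_xml):
    """Issuer side: sign the canonical form and envelop the signature."""
    root = ET.fromstring(unsigned_xml)
    value = _mac(_canon(root))
    ET.SubElement(root, "Signature").text = value
    return ET.tostring(root, encoding="unicode")


def verified_subject(xml_text):
    """Return Subject only if it comes from bytes the signature covered."""
    try:
        root = ET.fromstring(xml_text)               # 1. parse untrusted XML
    except ET.ParseError:
        return None
    sig = root.find("Signature")
    if sig is None or not sig.text:
        return None
    root.remove(sig)                                 # 2. modify: drop enveloped signature
    canon = _canon(root)                             # 3. canonicalise
    claimed = sig.text.strip().encode("utf-8")
    if not hmac.compare_digest(_mac(canon).encode("ascii"), claimed):  # 4. validate
        return None
    return ET.fromstring(canon).findtext("Subject")  # 5. parse again: verified bytes only


if __name__ == "__main__":
    signed = issue(UNSIGNED)
    print(verified_subject(signed))
    print(verified_subject(signed.replace("alice", "admin")))
```

Step 5 reads from `canon`, not from `xml_text`; a verifier that validates one serialisation and then reads values from another is one of the mistakes the parse-twice design makes possible.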

Descendants

Written by JP on 2025-01-21 at 12:44

@firstyear @mattcen it's just a little XSL Michael. How much risk could it be?

