Why We Should Kill Saml2
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore the shortcomings of SAML2 and discover why OpenID Connect is a superior alternative for single sign-on in this 45-minute conference talk from NDC Security 2022. Delve into the history of single sign-on protocols and examine the top 10 challenges they face. Learn about metadata, redirects, entity IDs, keys, response bindings, and trust issues in SAML2 implementations. Witness demonstrations of SAML2 vulnerabilities, including flaws in the .NET Framework's SignedXml implementation. Analyze the SAML2 authentication flow, XML signatures, and logout requests. Compare SAML2 with OpenID Connect across various aspects, including discovery services, common login servers, and federation capabilities. Gain valuable insights into modern authentication protocols and make informed decisions for your security infrastructure.
Syllabus
Intro
History
Single Sign On
Metadata
Redirect
Demo
Entity ID
Keys
Response
Bindings
Trusting
Saml2 Breaking
Sample to Flow
Duplicate Reference IDs
How do we know the key
Signatures
Delegation
XML Signature
Logout Request
Final Scenario
Discovery Service
Common Login Server
Connect Federation
Summary
Outro
Taught by
NDC Conferences