Thomas Gross
IBM Research
Switzerland

Many influential industrial players are currently pursuing the development of new protocols for federated identity management. The SAML Single Sign-on Browser/Artifact profile is an important standardized example of this new protocol class and will be widely used in business-to-business scenarios to reduce user-management costs. The SAML profile utilizes a constraint-based specification that is widely-used by designers of this protocol class. In general, the profile is designed well and carefully.

Yet, it does not come with a general security analysis, but provides an attack-by-attack list of countermeasures as security consideration. We present a security analysis of the SAML Single Sign-on protocol, which is the first one for such a protocol standard. In concise analysis of the protocol design, we have revealed several flaws in the specification given that can lead to vulnerable implementations. To demonstrate the impact of that flaws we exploit some of them to mount attacks on the protocol.

Keywords: SAML, single sign-on, security analysis, protocol design, federated identity management, browser-based, zero-footprint

Read Paper (in PDF)