CSOonline

How SAML works and enables single sign-on

What is SAML and what is it used for? The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It ...
TheServerSide

SAML: It's Not just for Web services

SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between security domains. SAML is a product of the OASIS Security Services ...
Bleeping Computer

GitLab releases fix for critical SAML authentication bypass flaw

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE ...
Bleeping Computer

Golden SAML Attack Lets Attackers Forge Authentication to Cloud Apps

A new technique called "Golden SAML" lets attackers forge authentication requests and access the cloud-based apps of companies that use SAML-compatible domain controllers (DCs) for the authentication ...
Threat Post

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’

A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities. Researchers at CyberArk Labs have ...