Google closes hole in Single Sign-On for Google Apps
Google has changed the way its SAML Single Sign-On (SSO) Service for Google Apps works after receiving reports about a security problem. Administrators and developers from other providers who use Google's SSO may be forced to revise their Identity Provider for authentication.
According to a report published by a group of security specialists, a flaw in the protocol used allowed a specially prepared server to pose as a user and register with another service.
See also:
- Google SAML Single Sign on vulnerability, Vulnerability Note VU#612636 from US-CERT
- Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps, Error report from the Artificial Intelligence Laboratory
(trk)
















