[WEB SECURITY] Perimeter appliances for SAML SSO
jim at manico.net
Fri Feb 11 23:56:48 EST 2011
Keep in mind that SSO is one big Anti-Pattern, especially when
considering threats like CSRF. Consider forcing re-authentication for
high-risk apps and features (like password or email edit).
On Feb 12, 2011, at 4:03 AM, Nick Owen <nowen at wikidsystems.com> wrote:
> We have had one customer and one large prospect integrate with
> SimpleSAML. It is an open-source PHP-based solution. I have not
> played with it, but I intend to now. I was a bit surprised because,
> well, it's PHP.
> I have also tested against OpenSSO (which I found excessively complex)
> and CAS (very .edu/web oriented). Both of those are Java.
> However, these are not appliances and may not meet your requirements.
> On Fri, Feb 11, 2011 at 2:02 PM, Joe White <joe at cyberlocksmith.com> wrote:
>> My apologies if my question is slightly off topic but I was hoping to get
>> your thoughts on perimeter appliances for SAML SSO integration.
>> The short list I have currently is:
>> Pointers to existing published reviews and/or bake-offs would also be
>> Disclaimer: my question is discovery/research focused only to make sure I am
>> not missing a vendor worth consideration during due diligence. I have no
>> affiliation with any perimeter appliance vendor.
>> The Web Security Mailing List
>> WebSecurity RSS Feed
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>> WASC on Twitter
>> websecurity at lists.webappsec.org
> Nick Owen
> WiKID Systems, Inc.
> Commercial/Open Source Two-Factor Authentication