[WEB SECURITY] Perimeter appliances for SAML SSO

James Manico jim at manico.net
Fri Feb 11 23:56:48 EST 2011


Yo Joe,

Keep in mind that SSO is one big Anti-Pattern, especially when
considering threats like CSRF. Consider forcing re-authentication for
high risk apps and features (like password or email edit).

-Jim Manico
http://manico.net
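The re-authentication control Jim recommends, written out as an added example (this is not code from the thread or from any product it mentions): an SSO-established session is not enough on its own to change a password or e-mail address; the request must also carry a valid anti-CSRF token and the user must have re-entered credentials at this application within a short window. The class and function names, the 300-second window and the set of high-risk actions are assumptions chosen for illustration.

```python
"""Step-up (re-authentication) gate for high-risk actions behind SSO.

Added example, not code from the mailing-list thread or any vendor.
Names, the REAUTH_WINDOW_SECONDS value and the HIGH_RISK_ACTIONS set are
assumptions for illustration.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

REAUTH_WINDOW_SECONDS = 300                     # assumption: 5 minutes of "fresh" auth
HIGH_RISK_ACTIONS = {"change_password", "change_email"}


@dataclass
class Session:
    user_id: str
    sso_login_at: float                          # when the IdP assertion created this session
    last_reauth_at: Optional[float] = None       # when the user last re-entered a password here
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    action: str
    form: Dict[str, str]                         # posted form fields (constructed in demo())


def record_reauth(session: Session, now: float) -> None:
    """Call after the user successfully re-enters credentials at this app (not at the IdP)."""
    session.last_reauth_at = now
    # Rotate the synchroniser token on this privilege change so an older leaked token is useless.
    session.csrf_token = secrets.token_urlsafe(32)


def has_recent_reauth(session: Session, now: float, window: int = REAUTH_WINDOW_SECONDS) -> bool:
    """True only if the user re-authenticated within the window; the SSO login alone never counts."""
    return session.last_reauth_at is not None and (now - session.last_reauth_at) <= window


def csrf_token_valid(session: Session, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token against the one stored in the session."""
    if not submitted:
        return False
    return hmac.compare_digest(session.csrf_token, submitted)


def authorize_action(session: Session, request: Request, now: float) -> str:
    """Decide whether a request may proceed.

    Returns "ok", "csrf_rejected" or "reauth_required". Ordinary actions need only a
    valid CSRF token; actions in HIGH_RISK_ACTIONS additionally need fresh re-authentication.
    """
    if not csrf_token_valid(session, request.form.get("csrf_token")):
        return "csrf_rejected"
    if request.action in HIGH_RISK_ACTIONS and not has_recent_reauth(session, now):
        return "reauth_required"
    return "ok"


def demo() -> List[str]:
    """Walk a constructed session through the possible outcomes."""
    t0 = 1_000_000.0
    s = Session(user_id="alice", sso_login_at=t0)
    results = []
    # 1. Cross-site forged request: no token, rejected before anything else is considered.
    results.append(authorize_action(s, Request("change_email", {}), t0 + 10))
    # 2. Genuine request with a token, but backed only by the SSO session: must re-authenticate.
    results.append(authorize_action(s, Request("change_email", {"csrf_token": s.csrf_token}), t0 + 10))
    # 3. After re-auth the same action is allowed (token was rotated, so read it again).
    record_reauth(s, t0 + 20)
    results.append(authorize_action(s, Request("change_email", {"csrf_token": s.csrf_token}), t0 + 30))
    # 4. Later the re-auth has aged out even though the SSO session itself is still alive.
    results.append(authorize_action(s, Request("change_email", {"csrf_token": s.csrf_token}),
                                    t0 + 20 + REAUTH_WINDOW_SECONDS + 1))
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the CSRF check runs first, so a forged request never reaches the re-authentication prompt, and the re-authentication prompt itself cannot be used to probe which actions a victim's session is allowed to perform.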

On Feb 12, 2011, at 4:03 AM, Nick Owen <nowen at wikidsystems.com> wrote:

> Joe:
>
> We have had one customer and one large prospect integrate with
> SimpleSAML. It is an open-source PHP-based solution. I have not
> played with it, but I intend to now. I was a bit surprised because,
> well, it's PHP.
>
> I have also tested against OpenSSO (which I found excessively complex)
> and CAS (very .edu/web oriented). Both of those are Java.
>
> However, these are not appliances and may not meet your requirements.
>
> HTH,
>
> Nick
>
> On Fri, Feb 11, 2011 at 2:02 PM, Joe White <joe at cyberlocksmith.com> wrote:
>>
>> My apologies if my question is slightly off topic but I was hoping to get
>> your thoughts on perimeter appliances for SAML SSO integration.
>>
>> The short list I have currently is:
>>
>> Conformity
>> Ping
>> Symplified
>>
>> Pointers to existing published reviews and/or bake-offs would also be
>> appreciated.
>>
>> Disclaimer: my question is discovery/research focused only to make sure I am
>> not missing a vendor worth consideration during due diligence.  I have no
>> affiliation with any perimeter appliance vendor.
>>
>> Thanks,
>> Joe
>>
>> _______________________________________________
>> The Web Security Mailing List
>>
>> WebSecurity RSS Feed
>> http://www.webappsec.org/rss/websecurity.rss
>>
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>> WASC on Twitter
>> http://twitter.com/wascupdates
>>
>> websecurity at lists.webappsec.org
>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>>
>>
>
>
>
> --
> Nick Owen
> WiKID Systems, Inc.
> 404.962.8983
> http://www.wikidsystems.com
> Commercial/Open Source Two-Factor Authentication
>