SSO Wars - The Token Menace

SSO Wars - The Token Menace

BSidesLV via YouTube Direct link

Examples of affected frameworks

11 of 20

11 of 20

Examples of affected frameworks

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

SSO Wars - The Token Menace

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Agenda
  3. 3 Delegated Authentication
  4. 4 JWT token
  5. 5 Similar code for SAML
  6. 6 Potential Attack Vectors (2/2)
  7. 7 Simplified SAML Token
  8. 8 SAML Signature Verification in .NET
  9. 9 A tale of two resolvers
  10. 10 Possible scenarios for different key resolution
  11. 11 Examples of affected frameworks
  12. 12 Windows Communication Foundation (WCF)
  13. 13 Key & Token Resolution
  14. 14 Token resolution - Breadth First
  15. 15 Dupe Key Confusion
  16. 16 Key and Token resolutions
  17. 17 Attack limitations
  18. 18 SharePoint Authentication Flow
  19. 19 SharePoint Attack Flow
  20. 20 Conclusions

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.