Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

SSO Wars - The Token Menace

BSidesLV via YouTube

Overview

Explore the intricacies of Single Sign-On (SSO) security in this comprehensive conference talk from BSidesLV 2019. Delve into the world of delegated authentication, focusing on JWT and SAML tokens. Examine potential attack vectors, including signature verification vulnerabilities in .NET frameworks. Analyze key resolution methods and their impact on security. Investigate specific scenarios involving Windows Communication Foundation (WCF) and SharePoint authentication flows. Gain valuable insights into dupe key confusion attacks and their limitations. Equip yourself with essential knowledge to fortify SSO implementations against token-based threats.

Syllabus

Intro
Agenda
Delegated Authentication
JWT token
Similar code for SAML
Potential Attack Vectors (2/2)
Simplified SAML Token
SAML Signature Verification in .NET
A tale of two resolvers
Possible scenarios for different key resolution
Examples of affected frameworks
Windows Communication Foundation (WCF)
Key & Token Resolution
Token resolution - Breadth First
Dupe Key Confusion
Key and Token resolutions
Attack limitations
SharePoint Authentication Flow
SharePoint Attack Flow
Conclusions

Taught by

BSidesLV

Reviews

Start your review of SSO Wars - The Token Menace

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.