Hi,

At a recent security symposium https://www.usenix.org/conference/usenixsecurity12/breaking-saml-be-whoever-you-want-be an attack vector was shown for systems (excluding CAS) relying on SAML tokens.
In a presentation and PDF, 14 SSO/SAML-based frameworks have been evaluated for that specific attack vector. I was wondering if the presented attack vector is also valid for the SAML protocol as used by CAS. If this vulnerability is present in current setups, can we elaborate on measures to mitigate this possible threat in current production systems?

René
