I'm not holding out much hope on the OneLogin side; the breach they had earlier this year sounded really bad. Maybe that event woke up the other identity providers though.
http://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/

> On Sep 27, 2017, at 13:14, Kyle Creyts <[email protected]> wrote:
>
> Or other SAML IDP private keys. ADFS is good, but stealing them from IDP
> vendors might be much more efficient, and open many more doors. One hopes
> that Google, OneLogin, Okta, and friends all do the needful to compartment
> and protect these private keys.
>
>> On Wed, Sep 27, 2017 at 1:00 PM Konrads Smelkovs
>> <[email protected]> wrote:
>>
>> I was thinking about long term persistence and clearly, it would make a lot
>> of sense to steal the private key of the ADFS certificate that is used to
>> authenticate SAML claims. Anyone seen it done?
>>
>>
>> --
>> Konrads Smelkovs
>> Applied IT sorcery.
>> _______________________________________________
>> Dailydave mailing list
>> [email protected]
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
> --
> Kyle Creyts
