buildervef.blogg.se

Tokens coincheck breach tokens vulnerability attacks
SSO is a feature that allows users to access multiple services belonging to the same organization without logging in multiple times. For example, if you are logged into “”, you won’t have to re-enter your credentials to use the services of “”. This way, companies with many web services can manage a centralized source of user credentials instead of keeping track of users for each site, and users won’t need to log in multiple times when using the different services provided by the same company.

Cookie sharing, SAML, and OAuth are the three most common ways of implementing SSO.

Cookie Sharing Between Subdomains (Shared-session SSO)

One way that applications can implement SSO is by sharing cookies across subdomains. Browser cookies can be shared across subdomains if their “Domain” attribute is set to a common parent domain. With a header like the one below, the cookie will be sent for any subdomain of “”:

Set-Cookie: cookie=abc123; Domain=; Secure; HttpOnly

But, with its simplicity, this approach also comes with a unique set of vulnerabilities. The Achilles’ heel of cookie sharing is subdomain integrity. If attackers can steal the shared session cookie by compromising a single subdomain, all the SSO sites would be at risk. Because the compromise of a single subdomain can mean a total compromise of the entire SSO system, using shared cookies as an SSO mechanism greatly widens the attack surface for each individual service. Usually, attackers steal the session cookie by finding a subdomain takeover, RCE, XSS, or any other vulnerability that would expose the user’s cookie. Note that the HttpOnly flag stops script on a compromised subdomain from reading the cookie value directly, but script running there can still send authenticated requests that carry it; a subdomain takeover or RCE hands the attacker the cookie outright, since the browser sends it to every host under the parent domain.

SAML

Another common SSO mechanism is SAML. SAML enables SSO by facilitating information exchange between three parties: the user, the identity provider, and the service provider. The user obtains an identity assertion from the identity provider and uses that to authenticate to the service provider. Since the identity assertion is used to prove the identity of the user, its integrity is critical: a service provider that does not verify the assertion’s signature (or verifies it incorrectly) will accept whatever identity an attacker writes into it.
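The cookie-sharing mechanism described above, as an added example that is not code from the original text: it models the browser's domain-matching rule from RFC 6265 so you can see exactly which hosts a shared session cookie travels to, and it goes a little beyond the text by contrasting a host-only cookie and a look-alike domain that merely shares a suffix. The host names (accounts.corp.example and the rest) and cookie values are made up for illustration.

```python
"""Shared-session SSO: which hosts receive a cookie that carries a Domain attribute.

Added example. Implements the domain-match rule of RFC 6265 section 5.1.3 and
the Secure/host-only checks a browser applies before attaching a cookie.
All host names and values below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class StoredCookie:
    name: str
    value: str
    domain: str      # lowercase, leading dot removed
    host_only: bool  # True when Set-Cookie carried no Domain attribute
    secure: bool
    http_only: bool


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: exact match, or request_host is a subdomain of cookie_domain."""
    request_host = request_host.lower()
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def parse_set_cookie(header: str, origin_host: str) -> StoredCookie:
    """Store a single Set-Cookie header the way a browser does."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lower().lstrip(".")
    if not domain:
        # No Domain attribute: the cookie goes back only to the exact host that set it.
        return StoredCookie(name, value, origin_host.lower(), True,
                            "secure" in attrs, "httponly" in attrs)
    # A browser rejects a Domain that does not cover the setting host.
    if not domain_matches(origin_host, domain):
        raise ValueError(f"{origin_host} may not set a cookie for {domain}")
    return StoredCookie(name, value, domain, False,
                        "secure" in attrs, "httponly" in attrs)


def cookies_sent_to(request_host: str, https: bool, jar: list) -> dict:
    """Return {name: value} for the cookies a browser attaches to a request."""
    sent = {}
    for c in jar:
        if c.host_only and request_host.lower() != c.domain:
            continue
        if not c.host_only and not domain_matches(request_host, c.domain):
            continue
        if c.secure and not https:
            continue
        sent[c.name] = c.value
    return sent


def demo() -> dict:
    """Set two cookies from the login host and see where each one travels."""
    jar = [
        # The shared SSO session cookie, scoped to the parent domain.
        parse_set_cookie("Set-Cookie: session=abc123; Domain=corp.example; Secure; HttpOnly",
                         origin_host="accounts.corp.example"),
        # A host-only cookie for comparison (no Domain attribute).
        parse_set_cookie("Set-Cookie: pref=dark; Secure",
                         origin_host="accounts.corp.example"),
    ]
    hosts = (
        "accounts.corp.example",        # the host that issued both cookies
        "mail.corp.example",            # another SSO-enabled service
        "legacy.corp.example",          # a forgotten subdomain: a takeover target
        "evilcorp.example",             # shares a suffix but is NOT a subdomain
        "corp.example.attacker.test",   # prefix trick, also not a subdomain
    )
    return {host: cookies_sent_to(host, True, jar) for host in hosts}


if __name__ == "__main__":
    for host, cookies in demo().items():
        print(f"{host:30} -> {cookies}")
```

The point to take from the output is the legacy.corp.example line: every victim's browser sends the shared session cookie to that host simply because it is a subdomain, so whoever controls it (through a subdomain takeover, RCE, or similar) receives a working SSO session for every service under the parent domain, while the host-only cookie never leaves accounts.corp.example.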
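The SAML flow described above (user, identity provider, service provider, and the identity assertion passed between them), as an added example that is not code from the original text. A minimal identity provider issues an assertion naming the user, and a service provider decides who is logged in from it; the same tampered assertion is then fed to a service provider that checks the signature and to one that does not. Real SAML protects the assertion with an XML digital signature (an RSA signature over a canonicalised document); this stand-in uses an HMAC over the assertion bytes with a key shared by the two parties so the example runs on the standard library alone. The entity IDs, user names and key are constructed for illustration.

```python
"""Why the integrity of a SAML identity assertion matters.

Added example. HMAC-SHA256 over the assertion bytes stands in for the XML
signature used by real SAML; entity IDs, names and the key are constructed.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

SHARED_KEY = b"idp-to-sp-signing-key"        # stand-in for the IdP's signing key
IDP_ID = "https://idp.corp.example"          # assumed identity provider entity ID
SP_ID = "https://mail.corp.example"          # assumed service provider entity ID


def idp_issue_assertion(user: str) -> Tuple[bytes, str]:
    """Identity provider: build an assertion for `user` and sign it."""
    assertion = (
        f'<Assertion Issuer="{IDP_ID}" Audience="{SP_ID}">'
        f"<Subject><NameID>{user}</NameID></Subject>"
        "</Assertion>"
    ).encode()
    sig = hmac.new(SHARED_KEY, assertion, hashlib.sha256).hexdigest()
    return assertion, sig


def sp_consume_assertion(assertion: bytes, sig: str,
                         verify_signature: bool = True) -> Optional[str]:
    """Service provider: return the user named in a valid assertion, else None."""
    if verify_signature:
        expected = hmac.new(SHARED_KEY, assertion, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None                      # forged or modified: reject
    root = ET.fromstring(assertion)
    if root.get("Issuer") != IDP_ID or root.get("Audience") != SP_ID:
        return None                          # wrong IdP, or meant for another SP
    name_id = root.find("Subject/NameID")
    return name_id.text if name_id is not None else None


def attacker_tampers(assertion: bytes, victim: str) -> bytes:
    """Rewrite the NameID so the assertion claims to be `victim`."""
    root = ET.fromstring(assertion)
    root.find("Subject/NameID").text = victim
    return ET.tostring(root)


def demo() -> dict:
    """Honest assertion, then the same assertion with its NameID swapped."""
    assertion, sig = idp_issue_assertion("alice")
    forged = attacker_tampers(assertion, "admin")
    return {
        "honest": sp_consume_assertion(assertion, sig),
        "tampered_checked": sp_consume_assertion(forged, sig),
        "tampered_unchecked": sp_consume_assertion(forged, sig, verify_signature=False),
    }


if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case:20} -> logged in as {user!r}")
```

The service provider that verifies the signature logs alice in and refuses the forged document; the one that skips verification logs the attacker in as admin from the very same bytes. The issuer and audience checks are kept in because an assertion that is perfectly signed but issued for a different service provider must be rejected just as firmly.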