CXRF attack and Shib SP
cantor.2 at osu.edu
Tue Apr 8 10:45:29 EDT 2014
On 4/8/14, 10:36 AM, "Russell Beall" <beall at usc.edu> wrote:
>Does anyone on this list have any shib configuration that can block CXRF
>so that a change to the app could be avoided?
I don't know for certain what was detected, but the short answer is that
IdP-initiated SSO is in and of itself an example of CXRF, and the SP
doesn't currently contain options to block it.
More information about the users