CXRF attack and Shib SP

Cantor, Scott cantor.2 at
Tue Apr 8 10:45:29 EDT 2014

On 4/8/14, 10:36 AM, "Russell Beall" <beall at> wrote:
>Does anyone on this list have any shib configuration that can block CXRF
>so that a change to the app could be avoided?

I don't know for certain what was detected, but the short answer is that
IdP-initiated SSO is in and of itself an example of CXRF, and the SP
doesn't currently contain options to block it.

-- Scott
