[EXTERNAL] RE: "Proofpoint" integration with Shibboleth.

Ernie Kinsey Ernie.Kinsey at cpcc.edu
Wed Jul 11 13:16:27 EDT 2018 

Scott,

Thanks; unfortunately for me, no two of the integrations I've completed so far have been the same, so there's no "usual" for me.  Would you be willing to share a (redacted if necessary) screen-shot of the configuration you used?  That's part of what I've yet to figure out and what I'm trying to get from the vendor.  I think I'm good to go if I can see an example of how the settings look.

Thanks again,
Ernie.


On 7/11/18, 12:44 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:

    > Has anyone here had experience integrating a product called “Proofpoint
    > Protection Server” from a company called “Proofpoint Essentials” with
    > Shibboleth, or know someone who has?  I’m trying to get some information
    > to augment what I’ve gotten from the vendor so far; contact with someone
    > who’s already done this would probably fill in the remaining gaps in my
    > knowledge.

    I did it a few weeks ago (assuming it's the same product), during the course of which I verified they had a comment injection vulnerability that they subsequently patched. They don't support encryption and that has continued to be a sign that you're probably 50/50 going to find them vulnerable.

    I haven't done a write up of it. There wasn't anything unusual that I recall, apart from the bug, it was self-service configuration via web interface.

    -- Scott

    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


________________________________

This e-mail, including any attachments, is intended only for the addressee's use and may contain confidential and proprietary information. If you are not the intended recipient, you are hereby notified that any retention, dissemination, reproduction, or use of the information contained in this e-mail is strictly prohibited. If you have received this e-mail by error, please delete it and immediately notify the sender. Thank you for your cooperation.

More information about the users mailing list