OneLogin and SLO?
cantor.2 at osu.edu
Mon Jul 23 09:08:15 EDT 2018
> To close the loop on this: I filed a support request with OneLogin asking them
> for comment, pointing out that (in my opinion) there's a security hole in their
> product's handling of the SAML SLO messages (they neither check the
> signature of the LogoutRequest, nor do they sign the LogoutResponse), and
> they essentially (in so many words) said "We don't care. You can file an
> enhancement request, and if enough people vote on it, we might implement
Pretty much expected, but thanks for trying, and posting back about it.