Shib IDP v3 integration with Cylance

Cantor, Scott cantor.2 at osu.edu
Mon Mar 19 09:21:49 EDT 2018


> Looks like I need to hand craft a minimal SP metadata file (no certs, one SAML2
> ACS endpoint).  I presume Cylance wants the username returned in the
> NameID, since their SAML doc and says nothing about attributes.

Unless known to be using an unaffected or patched library, you should operate on the assumption that any one-off SP without encryption support is at least 50% likely to be impacted by the recent XML vulnerabilities or older ones people haven't been testing for. It's no longer really a viable practice to omit encryption unless you're going to personally test them all.

-- Scott



More information about the users mailing list