Shib IDP v3 integration with Cylance
Cantor, Scott
cantor.2 at osu.edu
Mon Mar 19 09:21:49 EDT 2018
> Looks like I need to hand craft a minimal SP metadata file (no certs, one SAML2
> ACS endpoint). I presume Cylance wants the username returned in the
> NameID, since their SAML doc and says nothing about attributes.
Unless known to be using an unaffected or patched library, you should operate on the assumption that any one-off SP without encryption support is at least 50% likely to be impacted by the recent XML vulnerabilities or older ones people haven't been testing for. It's no longer really a viable practice to omit encryption unless you're going to personally test them all.
-- Scott
More information about the users
mailing list