Shib IDP v3 integration with Cylance
cantor.2 at osu.edu
Mon Mar 19 19:54:06 EDT 2018
On 3/19/18, 6:37 PM, "users on behalf of Phil Pishioneri" <users-bounces at shibboleth.net on behalf of pgp at pSu.edu> wrote:
> We told our local Cylance admin about the advisory and asked to pass it along to Cylance.
Without naming names (yet), I'll just say that if you intend to be safe, you have no choice at this stage but to test or find somebody else to. Vendors are currently in denial mode or don't understand how any of this works well enough to even recognize they're playing the role that can be vulnerable (or are in some cases outright claiming the IdP is the vulnerable half). You will not get any adequate response unless you force the issue right now, it's too early.
More information about the users