Shib IDP v3 integration with Cylance

Cantor, Scott cantor.2 at
Mon Mar 19 19:54:06 EDT 2018

On 3/19/18, 6:37 PM, "users on behalf of Phil Pishioneri" <users-bounces at on behalf of pgp at> wrote:
> We told our local Cylance admin about the advisory and asked to pass it along to Cylance.

Without naming names (yet), I'll just say that if you intend to be safe, you have no choice at this stage but to test or find somebody else to. Vendors are currently in denial mode or don't understand how any of this works well enough to even recognize they're playing the role that can be vulnerable (or are in some cases outright claiming the IdP is the vulnerable half). You will not get any adequate response unless you force the issue right now, it's too early.

-- Scott

More information about the users mailing list