IdP Initiated SAML and Man in the middle

Nate Klingenstein ndk at
Mon Jun 7 17:46:09 UTC 2021

> The fix for that was token binding, which Google proposed and then killed.

There is still the SAML holder-of-key profile if you can find a browser that can do mutual TLS authentication and an IdP and SP that have implemented it.  It's a longer shot.

