IdP Initiated SAML and Man in the middle
ndk at signet.id
Mon Jun 7 17:46:09 UTC 2021
> The fix for that was token binding, which Google proposed and then killed.
There is still the SAML holder-of-key profile if you can find a browser that can do mutual TLS authentication and an IdP and SP that have implemented it. It's a longer shot.
The Art of Access ®
More information about the users