Thursday, November 05, 2015

SAML : Please do not roll your own

I've answered two questions on the forums today concerning SAML 2.0 protocol stacks that people are trying to roll on their own.

Not surprisingly, they are stuck and I can pretty much guarantee that there are security holes in their solutions that you could drive a Soviet May Day parade through!

SAML is hard, security is hard, writing security software is even harder,

Please use a library e.g. SAML : SAML connectivity / toolkit

Enjoy!

Posted by at
Labels:

2 comments:

Saurabh Saxena said...

SAML is really hard... :)

November 20, 2017 11:23 pm
nzpcmad said...

Indeed it is.

Which just reinforces the point that you should not roll your own!

November 21, 2017 6:38 am

Post a Comment

Subscribe to: Post Comments (Atom)