Thursday, November 05, 2015

SAML : Please do not roll your own

I've answered two questions on the forums today concerning SAML 2.0 protocol stacks that people are trying to roll on their own.

Not surprisingly, they are stuck, and I can pretty much guarantee that there are security holes in their solutions that you could drive a Soviet May Day parade through!

SAML is hard, security is hard, and writing security software is even harder.

Please use a library, e.g. SAML : SAML connectivity / toolkit

Enjoy!

2 comments:

Saurabh Saxena said...

SAML is really hard... :)

nzpcmad said...

Indeed it is.

Which just reinforces the point that you should not roll your own!