From multiple credentials to browser-based single sign-on: Are we more secure?


Abstract

Browser-based Single Sign-On (SSO) is replacing conventional solutions based on multiple, domain-specific credentials by offering an improved user experience: clients log on to their company system once and are then able to access all services offered by the company's partners. By focusing on the emerging SAML standard, in this paper we show that the prototypical browser-based SSO use case suffers from an authentication flaw that allows a malicious service provider to hijack a client authentication attempt and force the latter to access a resource without its consent or intention. This may have serious consequences, as evidenced by a Cross-Site Scripting attack that we have identified in the SAML-based SSO for Google Apps: the attack allowed a malicious web server to impersonate a user on any Google application. We also describe solutions that can be used to mitigate and even solve the problem. © 2011 IFIP International Federation for Information Processing.

Citation (APA)

Armando, A., Carbone, R., Compagna, L., Cuellar, J., Pellegrino, G., & Sorniotti, A. (2011). From multiple credentials to browser-based single sign-on: Are we more secure? In IFIP Advances in Information and Communication Technology (Vol. 354 AICT, pp. 68–79). Springer New York LLC. https://doi.org/10.1007/978-3-642-21424-0_6
