SAML authentication bypass possibility due lack of IdP cert option #5180
-
The current wiki.js implementation uses a version of node-saml/passport-saml (Line 151 in 8dcbc18) which has the following issues: Instances of For background information see:
This issue was fixed to If you are unable to upgrade wiki/server/modules/authentication/saml/authentication.js (Lines 31 to 33 in 8dcbc18) wiki/server/modules/authentication/saml/definition.yml (Lines 26 to 31 in 8dcbc18) Furthermore, wiki.js's current
Replies: 2 comments 4 replies
-
@NGPixel could you take a look at this report... SAML authentication response digital signature verification is the most important thing to validate about a response (among other things like
Quote from https://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf
Another quote from https://sec.okta.com/articles/2020/05/common-pitfalls-custom-saml-implementations
-
Dependency updated in 2cb7b9f