Hacker News with Generative AI: SAML

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials (github.blog)
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user.

Security, Authentication, SAML, Ruby, Vulnerabilities

312 points by campuscodi 18 days ago | 123 comments

SAMLStorm: Critical Authentication Bypass in XML-crypto and Node.js libraries (workos.com)
On Tuesday, March 4, 2025, WorkOS received a critical security report from researcher Alexander Tan (ahacker1) detailing a zero-day vulnerability in the widely used xml-crypto and SAML libraries in the Node.js ecosystem. This flaw allows attackers to forge SAML authentication responses, potentially granting unauthorized access to any user account in affected applications—including admin accounts—without any user interaction. If exploited, this vulnerability could enable full account takeovers across organizations relying on SAML-based single sign-on (SSO).

Security, Node.js, Authentication, SAML, Zero-Day Vulnerability

10 points by grinich 19 days ago | 0 comments

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials (github.blog)
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user.

Security, Authentication, SAML, Open Source, Ruby

10 points by mark 21 days ago | 0 comments

Ruby-SAML pwned by XML signature wrapping attacks (ssoready.com)
CVE-2024-45409 was published on September 10, 2024. It’s yet another XML signature wrapping attack, this time affecting the main Ruby implementation of SAML. The vuln allows an attacker log in as any arbitrary user of the affected system.

Security, Ruby, SAML, XML

166 points by ucarion 196 days ago | 91 comments

Visual explanation of SAML authentication (2020) (sheshbabu.com)

Security, Authentication, Visual Explanations, SAML

84 points by rkwz 253 days ago | 31 comments

A Gentle Introduction to SAML (ssoready.com)

Security, Authentication, SAML

244 points by ned_at_codomain 254 days ago | 95 comments