An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
Browser-based Single Sign-On (SSO) protocols relieve the user from the burden of dealing with multiple credentials, thereby improving both user experience and security. In this paper, the authors show that extreme care is required when specifying and implementing the prototypical browser-based SSO use case. They show that the main emerging SSO protocols, namely SAML SSO and OpenID, suffer from an authentication flaw that allows a malicious service provider to hijack a client's authentication attempt or to force the client to access a resource without its consent or intention. This may have serious consequences, as evidenced by a Cross-Site Scripting attack that they identified in the SAML-based SSO for Google Apps and in the SSO available in Novell Access Manager v.3.1.