The Dangers of SAML IdP-Initiated SSO

added by DotNetKicks
11/29/2021 5:53:36 PM

209 Views

When using SAML, you have two methods for starting Single Sign-On (SSO): SP-initiated or IdP-initiated. Both have their use cases, but one is more secure than the other. No points for guessing from the title. These flows are used entirely within the browser and defined by SAML's Web SSO profile, which is the main use case of modern SAML (SAML in the 2020s).


0 comments