by gtsteve
2540 days ago
I gave this code a quick skim and it seems reasonably well thought out and I wish I'd seen it before I rolled my own at work. There are numerous security flaws that one can accidentally introduce with SAML and it seems you've avoided the obvious ones at the very least (i.e. not checking there's only a single assertion, etc). Just in case you weren't aware of it, I found this page very helpful when developing mine: https://github.com/OWASP/CheatSheetSeries/blob/master/cheats...
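The single-assertion check mentioned in the comment above, as an added example (not part of the comment and not the reviewed project's code). It counts assertions at any depth, which goes slightly beyond a direct-child count. The function name and the sample documents are constructed for illustration, and signature validation is assumed to happen separately on the element this returns.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ASSERTION_TAGS = {f"{{{SAML}}}Assertion", f"{{{SAML}}}EncryptedAssertion"}


def single_assertion(response_xml):
    """Return the only assertion in a SAML Response, or raise ValueError."""
    # Refuse DTDs before parsing; a hardened XML parser is still assumed
    # for production use.
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("root element is not samlp:Response")
    # Count at every depth, so a second assertion nested in another element
    # is seen as well, not only the direct children of Response.
    everywhere = [el for el in root.iter() if el.tag in ASSERTION_TAGS]
    direct = [el for el in root if el.tag in ASSERTION_TAGS]
    if len(everywhere) != 1 or len(direct) != 1:
        raise ValueError(
            f"expected exactly one assertion, found {len(everywhere)} "
            f"({len(direct)} as direct children of Response)"
        )
    # Signature checks and attribute reads must use this exact element,
    # never a fresh lookup by ID or tag name.
    return direct[0]


# Constructed sample documents, not captured from any real identity provider.
GOOD = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1">'
    '<saml:Assertion ID="_a1"><saml:Subject>'
    "<saml:NameID>alice@example.test</saml:NameID>"
    "</saml:Subject></saml:Assertion></samlp:Response>"
)
# Same response with a second assertion nested under samlp:Extensions.
WRAPPED = GOOD.replace(
    '<saml:Assertion ID="_a1">',
    '<samlp:Extensions><saml:Assertion ID="_a2"/></samlp:Extensions>'
    '<saml:Assertion ID="_a1">',
)

if __name__ == "__main__":
    print(single_assertion(GOOD).get("ID"))
    try:
        single_assertion(WRAPPED)
    except ValueError as err:
        print("rejected:", err)
```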