Single Sign-On: A Hacker's Perspective

Matthijs Melissen

Playlists: 'MCH2022' videos starting here / audio

This talk gives an introduction in how single sign-on protocols (such as SAML, OAuth 2, and Open ID Connect) work. Subsequently, I will talk about the most commonly found vulnerabilities in these protocols. Finally, I will show various ways to resolve these vulnerabilities.

Single sign-on remains a hot topic in 2022. Many organisations are in the process of moving identity management and authentication out of of their application, and offload it to an identity provider. By doing so, application owners hope to avoid the challenges that come with identity management. However, the application will still needs to obtain the user’s identity from the identity provider, which is done using a single sign-on protocol.

Unfortunately (or fortunately?), single sign-on protocols are difficult to get right. Flaws in the implementation of single sign-on protocols can have serious consequences. In the worst case, such flaws allow hackers to log into the application as an arbitrary user. And this is not just a theoretical risk, but something I encounter in my work as ethical hacker on a regular basis.

I will start this talk by giving an introduction to some of the protocols that are commonly used to achieve single-sign on. Such protocols include SAML, OAuth 2, and Open ID Connect. Subsequently, I will talk about the state of single-sign on applications as I encounter them as an ethical hacker. I will demonstrate which vulnerabilities I encounter in the real world, and what the consequences of such vulnerabilities could be.

At the end of this talk, you should have a good overview of how single sign-on protocols work, what types of vulnerabilities typically occur in them, and how to protect against such vulnerabilities.