Comment by SigmundA a day ago

>1) the user’s browser acts as a MITM between the SP and IdP on all requests (vector for this attack)

This is exactly how OIDC implicit flow works. The basic difference is using JWT instead of signed XML; otherwise it's nearly identical. I mean, public/private key signing is the basis for both JWT and XML Sig.

SAML also supports artifact binding, which would use a back channel similar to other OIDC flows, but I haven't seen it used much because it makes things more complicated and requires the SP to be able to communicate with the IdP.
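The point the comment makes is that in a front-channel flow the browser sits between IdP and SP, so the only thing protecting the assertion is the IdP's signature, which the SP must verify before trusting any claim. The following is an added example (not the commenter's code, and not taken from any SAML or OIDC library) of the minimum an SP or relying party has to do on a JWT that arrived via the browser: verify an ES256 signature with a key obtained out of band, pin the algorithm, and check audience and expiry. The issuer, subject and audience strings and the `TamperSub` helper are constructed for the demo; `TamperSub` simply stands in for a modification made anywhere on the relay path so the check can be seen to reject it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Claims is a constructed subset of the ID-token claims an IdP issues (example values only).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// IssueToken is the IdP side: sign header.payload with ES256 (ECDSA P-256 over SHA-256),
// encoding the signature as raw r||s per RFC 7518.
func IssueToken(key *ecdsa.PrivateKey, c Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64(header) + "." + b64(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // r and s are each < the P-256 order, so 32 bytes apiece
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64(sig), nil
}

// VerifyToken is the SP side. It trusts only the IdP public key obtained out of band (metadata / JWKS),
// never anything carried inside the token, and checks the signature before reading any claim.
func VerifyToken(pub *ecdsa.PublicKey, token, wantAud string, now int64) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrBytes, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrBytes, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "ES256" { // pin the expected algorithm; do not let the token choose
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature invalid")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if c.Aud != wantAud {
		return nil, errors.New("audience mismatch")
	}
	if c.Exp <= now {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// TamperSub models a token modified in transit through the browser (constructed for the demo):
// the payload's sub claim is rewritten while the original signature is kept.
func TamperSub(token, newSub string) string {
	parts := strings.Split(token, ".")
	payload, _ := base64.RawURLEncoding.DecodeString(parts[1])
	var c Claims
	_ = json.Unmarshal(payload, &c)
	c.Sub = newSub
	p, _ := json.Marshal(c)
	return parts[0] + "." + b64(p) + "." + parts[2]
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tok, _ := IssueToken(key, Claims{Iss: "https://idp.example", Sub: "alice", Aud: "sp.example", Exp: 2000000000})
	if c, err := VerifyToken(&key.PublicKey, tok, "sp.example", 1700000000); err == nil {
		fmt.Println("accepted subject:", c.Sub)
	}
	_, err := VerifyToken(&key.PublicKey, TamperSub(tok, "admin"), "sp.example", 1700000000)
	fmt.Println("modified token:", err)
}
```

The same structure applies to a SAML assertion: the SP validates the XML signature against the IdP certificate from metadata and checks `Audience` and `NotOnOrAfter` before reading `NameID`, which is why the browser's position in the middle does not by itself let it forge or alter the assertion.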