TFIM SAML framework protected against XML Signature wrapping attacks

News


Abstract

The TFIM SAML framework is protected against the XML Signature wrapping attacks described in the paper "Breaking SAML: Be Whoever You Want to Be".

Content

The paper "Breaking SAML: Be Whoever You Want to Be" describes XML Signature wrapping (XSW) attacks and the results of applying these attacks to real-world SAML providers and frameworks. The following versions of Tivoli Federated Identity Manager (Enterprise and Business Gateway) are protected against the XSW attacks described in the paper:



For versions of TFIM that are no longer supported, IBM recommends that customers upgrade to a supported, fixed version of the product.

Related information

TFIM: Multiple Protocol XML signature validation bypass


Cross reference information
Segment | Product | Component | Platform | Version | Edition
Security | Tivoli Federated Identity Manager Business Gateway | Not Applicable | AIX, HP-UX, Linux, Solaris, Windows | 6.2, 6.2.1, 6.2.2 |
Security | Tivoli Federated Identity Manager for z/OS | Not Applicable | z/OS | Version Independent |

Product Alias/Synonym

TFIM
FIM
ISAM


Document information

More support for: Tivoli Federated Identity Manager
Software version: 6.2, 6.2.1, 6.2.2
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS
Reference #: 1615696
Modified date: 2014-10-15
