{"guid":"import-b660dec4d932230337","title":"On Breaking SAML","subtitle":"Be Whoever You Want to Be","slug":"29c3-5210-en-on_breaking_saml_h264","link":"http://events.ccc.de/congress/2012/Fahrplan/events/5210.en.html","description":"The Security Assertion Markup Language (SAML) is a widely adopted language for making security statements about subjects. It is a critical component for the development of federated identity deployments and Single Sign-On scenarios. In order to protect integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm is much more complex than in traditional signature formats like PKCS#7. The integrity protection can thus be successfully circumvented by application of different XML Signature specific attacks, under a weak adversarial model.\n","original_language":"eng","persons":["Andreas Mayer"],"tags":["29c3"],"view_count":221,"promoted":false,"date":"2012-12-29T01:00:00.000+01:00","release_date":"2013-01-06T01:00:00.000+01:00","updated_at":"2025-10-19T11:30:04.279+02:00","length":1408,"duration":1408,"thumb_url":"https://static.media.ccc.de/media/congress/2012/29c3-5210-en-on_breaking_saml_h264.jpg","poster_url":"https://static.media.ccc.de/media/congress/2012/29c3-5210-en-on_breaking_saml_h264_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2012/import-b660dec4d932230337-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2012/import-b660dec4d932230337-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/29c3-5210-en-on_breaking_saml_h264","url":"https://api.media.ccc.de/public/events/import-b660dec4d932230337","conference_title":"29C3: Not my department","conference_url":"https://api.media.ccc.de/public/conferences/29c3","related":[{"event_id":290,"event_guid":"import-1b1bb084cc68f7a3df","weight":2},{"event_id":588,"event_guid":"import-5209e4eb43ccb3e1ee","weight":1},{"event_id":603,"event_guid":"import-6b2a4cf64d7bf17171","weight":1},{"event_id":617,"event_guid":"import-dbe20ee1c46bbc4094","weight":1},{"event_id":646,"event_guid":"import-7af3c11a86c7ca7fca","weight":1},{"event_id":682,"event_guid":"import-a459e40d704e748d02","weight":1},{"event_id":1583,"event_guid":"import-11d95d8eb06a7bb8eb","weight":1},{"event_id":1655,"event_guid":"import-4fd5a1fd16f55e0a18","weight":1},{"event_id":1656,"event_guid":"import-3a9c3e4299e46ec310","weight":1},{"event_id":1661,"event_guid":"import-f96ec72f41d4dca7d6","weight":1},{"event_id":1664,"event_guid":"import-1f512e050ec4558192","weight":1},{"event_id":1672,"event_guid":"import-994f38c91b0a202295","weight":1},{"event_id":1678,"event_guid":"import-499496e1f8d0dc96ab","weight":1},{"event_id":1688,"event_guid":"import-4cdbb5158fcf67d436","weight":1},{"event_id":1695,"event_guid":"import-9c9d65739674a7882f","weight":2},{"event_id":1701,"event_guid":"import-033a8737829e937cdb","weight":1},{"event_id":1716,"event_guid":"import-15e4361b2ab005ddb4","weight":1},{"event_id":1718,"event_guid":"import-290f7b71026756648d","weight":1},{"event_id":1806,"event_guid":"IE5aOu8FUaPfpFv5v4rtJg","weight":1},{"event_id":1832,"event_guid":"toykIIIHEXC1x8F7xoiYRw","weight":1},{"event_id":1850,"event_guid":"n-OE9MQoWcUq2LFZB2e6DQ","weight":1},{"event_id":2005,"event_guid":"fYEG2G8TPGwD9OgqK13emw","weight":1},{"event_id":2757,"event_guid":"303801f5-9eaf-41a9-9022-92dc5cd702d2","weight":1},{"event_id":2876,"event_guid":"144b2208-bf0b-494c-99e5-665ed18f1e8f","weight":1},{"event_id":3154,"event_guid":"axE0bWDwutJ5VgLbiJnqJQ","weight":1},{"event_id":3599,"event_guid":"c54bec28-0cec-4472-9a0f-36be8b626dd7","weight":1},{"event_id":3607,"event_guid":"64c07cb5-ec19-4972-a2c8-96c0e0df83c6","weight":1},{"event_id":3636,"event_guid":"a1a52c4c-8233-403b-8f04-db981df016c1","weight":1},{"event_id":3668,"event_guid":"4745fbc3-87d4-41eb-8c82-2c1bb8a51beb","weight":1},{"event_id":3669,"event_guid":"7ef9172a-e2c7-4e78-9316-08449bd582c6","weight":2},{"event_id":3676,"event_guid":"f6811c99-96af-44d5-b82d-5afe826b2caf","weight":1},{"event_id":3689,"event_guid":"1f7eb981-2819-4824-8f40-4ddde0be7bf3","weight":1},{"event_id":3694,"event_guid":"ef62eb53-cb69-42c6-aab0-bc9d3b0e1e92","weight":1},{"event_id":3722,"event_guid":"b5b4ce04-1e4b-4e09-8347-4e72cb5f90b9","weight":1},{"event_id":3732,"event_guid":"8270c91a-d6e2-4f1c-9ebb-cdf10708d921","weight":1},{"event_id":3750,"event_guid":"bc9fff95-ca0f-4448-9c4c-875609353da7","weight":1},{"event_id":3751,"event_guid":"3226a81b-dd11-42cc-8c14-ae9f95c01bbd","weight":1},{"event_id":3761,"event_guid":"b598ebbf-0fc6-4127-bb9d-20ae18f1171d","weight":1},{"event_id":3880,"event_guid":"da855d30-e440-49f1-b811-afac8cd3ed43","weight":1},{"event_id":4762,"event_guid":"b036385c-ec1a-44e5-ae48-af703ce9b5d3","weight":1},{"event_id":4824,"event_guid":"5d255692-ae5e-4f96-b10e-55929d570813","weight":1},{"event_id":4919,"event_guid":"bf23997f-20bb-40a5-96f9-5f43f453e9dd","weight":1},{"event_id":5964,"event_guid":"f5c4898d-68fb-5758-9ea1-717a099803dd","weight":1},{"event_id":6477,"event_guid":"c85de43e-107e-4247-b550-946f376e2ec4","weight":1}],"recordings":[{"size":102,"length":1408,"mime_type":"audio/mpeg","language":"eng","filename":"29c3-5210-en-on_breaking_saml_mp3.mp3","state":"downloaded","folder":"mp3-audio-only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-10T15:27:00.589+02:00","recording_url":"https://cdn.media.ccc.de/congress/2012/mp3-audio-only/29c3-5210-en-on_breaking_saml_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/3412","event_url":"https://api.media.ccc.de/public/events/import-b660dec4d932230337","conference_url":"https://api.media.ccc.de/public/conferences/29c3"},{"size":102,"length":1408,"mime_type":"video/mp4","language":"eng","filename":"29c3-5210-en-on_breaking_saml_h264.mp4","state":"downloaded","folder":"mp4-h264-HQ","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:55.377+01:00","recording_url":"https://cdn.media.ccc.de/congress/2012/mp4-h264-HQ/29c3-5210-en-on_breaking_saml_h264.mp4","url":"https://api.media.ccc.de/public/recordings/3411","event_url":"https://api.media.ccc.de/public/events/import-b660dec4d932230337","conference_url":"https://api.media.ccc.de/public/conferences/29c3"},{"size":102,"length":1408,"mime_type":"video/webm","language":"eng","filename":"29c3-5210-en-on_breaking_saml_webm.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:55.412+01:00","recording_url":"https://cdn.media.ccc.de/congress/2012/webm/29c3-5210-en-on_breaking_saml_webm.webm","url":"https://api.media.ccc.de/public/recordings/3410","event_url":"https://api.media.ccc.de/public/events/import-b660dec4d932230337","conference_url":"https://api.media.ccc.de/public/conferences/29c3"}]}