OK, so the website has "SAML 2.0 SP Metadata", which is Security Assertion Markup Language, uploaded on the Ubuntu Apache server for our school's website. The SAML script also works with "Shib 1.3 IdP Metadata".
Basically, I want to know and understand the advantages and disadvantages of this type of authentication script.
It's easy to analyze error pages and find yourself at a page that gives you the option to log on as an administrator as well as giving you the administrator's user name, but not the password, of course. Isn't this a big security issue in itself?
I have an example website that uses this type of user/password authentication, but I don't know if it's against the rules to post.
The image below shows the SSO process of communication between client and server.
The site's using SAML 2.0, so I think that this vulnerability has been patched, although it will not hurt to do some reading on this.
For now I'm going to try and set up my own website. All I have is a basic laptop running Windows 7. I can use Win 7 IIS or WAMP. Either way, I have a lot of learning to do; I can't even get a basic page up and running without the server saying "Forbidden, you don't have access to view this page".
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.