sso
Safeguard articles tagged "sso" — guides, analysis, and best practices for software supply chain and application security.
6 articles
SAML SSO vulnerabilities: signature wrapping and assertion replay explained
A 2024 ruby-saml flaw (CVE-2024-45409, CVSS 9.8) let attackers forge SAML assertions and log in as any user, including admins — seven years after the same bug class was first disclosed.
SSO, SCIM, and Vanta integrations for compliance-driven t...
How SSO, SCIM, and native Vanta integration shape audit readiness for supply chain security tools, and where Safeguard's approach differs from Socket.dev's.
Okta Cross-Tenant Impersonation 2024
Okta's cross-tenant impersonation advisory and related social-engineering campaigns exposed how identity providers get targeted. Lessons for defenders.
What is Single Sign-On (SSO)
SSO lets users log in once to access many apps — but it also concentrates identity into one high-value target. Here's how it works and its real risks.
Oracle Cloud Classic SSO Incident: rose87168 and the Legacy Endpoint Problem
In March 2025 an actor calling themselves rose87168 advertised six million Oracle Cloud SSO and LDAP records, and Oracle quietly acknowledged a breach of legacy infrastructure. We unpack what happened and what tenants should do.
SAML Security in a Supply Chain Context
SAML is the authentication backbone for enterprise SSO. Its XML-based attack surface makes it a high-value target for supply chain compromise.