The SSO tax is killing trust in the security industry

Application providers charge fees to implement single sign-on but don't deliver a full SSO experience. Threat actors are taking advantage of the situation.

CSO Online
@boblord I don't see the link between shitty SSO implementation and paying extra for SSO support. Is it somehow okay that an application doesn't respect session limits if SSO support was part of the base package? Paying extra for a buggy implementation might add insult to injury, but if someone is mad about paying for buggy, insecure software in general, their head would have caught fire with rage long before now.

@boblord No matter how standardized I think SAML might be, every single customer who sets up SAML winds up discovering weird edge cases that only apply to their platform.

Thankfully, most of the time it's limited to their platform having unique names for things that don't match other names.