Abstract

Based on recently proposed attack scenarios, we show that SAML assertions and SAML artifacts are still vulnerable to real-world attacks on browser-based implementations. We propose two different bindings of SAML assertions and SAML artifacts to the TLS security layer and show that these bindings protect against all known attacks. The two bindings are based on TLS client certificates, and on a variant of the well-known Same Origin Policy of browsers.