Skip to content

Commit

Permalink
Merge pull request #591 from jpuckett-di/patch-1
Browse files Browse the repository at this point in the history
doc fix typos
  • Loading branch information
pitbulk authored Sep 29, 2024
2 parents cadabb7 + 3305ba9 commit 59475ba
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -191,14 +191,14 @@ a trusted and expected URL.
Read more about Open Redirect [CWE-601](https://cwe.mitre.org/data/definitions/601.html).


### Avoiding Reply attacks ###
### Avoiding Replay attacks ###

A reply attack is basically try to reuse an intercepted valid SAML Message in order to impersonate a SAML action (SSO or SLO).
A replay attack is basically try to reuse an intercepted valid SAML Message in order to impersonate a SAML action (SSO or SLO).

SAML Messages have a limited timelife (NotBefore, NotOnOrAfter) that
make harder this kind of attacks, but they are still possible.

In order to avoid them, the SP can keep a list of SAML Messages or Assertion IDs alredy valdidated and processed. Those values only need
In order to avoid them, the SP can keep a list of SAML Messages or Assertion IDs alredy validated and processed. Those values only need
to be stored the amount of time of the SAML Message life time, so
we don't need to store all processed message/assertion Ids, but the most recent ones.

Expand Down

0 comments on commit 59475ba

Please sign in to comment.