Cybersecurity

Keycloak Vulnerability Puts SAML Authentication at Risk

The vulnerability lies in Keycloak’s XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital “Reference” element that specifies the signed portion of the document.