OMG WTF SSO: A Beginner’s Guide to Single Sign-On (Mis)configuration

Tuesday, 29 October, 2024 - 11:50-12:30 GMT

Adina Bogert-O'Brien

Abstract:

SSO protocols are just ways for an identity provider to share information about an authenticated identity with another service. Me having a way to tell my vendor “yeah, that’s Bob” doesn’t tell me what the vendor does with this information, or if the vendor always asks me who’s coming in the door. A bad SSO implementation can make you think you’re safer, while hiding all the new and fun things that have gone wrong. To get the most out of implementing SSO, I need to know what I’m trying to accomplish and what steps I need to follow to get there. To illustrate why SSO needs to be set up carefully, for each of the things you need to do right, I’ll give you some fun examples of creative ways you and your vendor can do this wrong. We all learn from failure, right???

Adina Bogert-O'Brien

I am incessantly curious, work in renewable energy, and sometimes find vulnerabilities when I’m bored. I co-founded a hackerspace over a decade ago but have only just accepted that security is more than a hobby. At work, I’m a business architect with security leanings working in knowledge management for a major renewable energy company.

BibTeX
@conference {302263,
author = {Adina Bogert-O{\textquoteright}Brien},
title = {{OMG} {WTF} {SSO}: A {Beginner{\textquoteright}s} Guide to Single {Sign-On} (Mis)configuration},
year = {2024},
address = {Dublin},
publisher = {USENIX Association},
month = oct
}

Presentation Video