Keycloak Vulnerability Puts SAML Authentication at Risk
Keycloak Vulnerability Puts SAML Authentication at Risk
23 September 2024
The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.