Room 2

15:00 - 16:00 (UTC+02)

Talk (60 min)

Why we should kill Saml2

Despite Saml2 being a well-established standard for single sign-on, it is horrible. Just about every implementation I've investigated has been broken, including finding flaws in .NET Framework's SignedXml implementation.

Looking at how Saml2 approaches the top 10 challenges of a single sign-on protocol makes a strong argument for why OpenID Connect is better on every single point.

Anders Abel

Anders is a senior software architect with extensive experience of security solutions. He has helped implement IdentityServer in organizations all over the world, often in combination with his Saml2 packages. Since 2021, Anders has worked with Duende Software Inc on designing and implementing authentication solutions built on IdentityServer.