FAQ: Forum Sentry not Impacted by Widespread SAML SSO Vulnerability

On February 27, 2018, Duo Labs posted a blog article detailing a vulnerability class that impacts many SAML SSO implementations. For reference see:


"This blog post describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password."

More information on these vulnerabilities can be found on the pages linked below: 




Forum Sentry is an API Security Gateway that is often deployed as a cyber-secure Identity Policy Enforcement Point (PEP).

Forum Sentry is a cyber-security-hardened product with a built-in cyber-secure SAML SSO Identity Provider (IdP) component. Forum Sentry is *not* impacted by any of the recent SAML SSO related CVEs called out by the Duo Labs findings.

A key differentiator of Forum Sentry API Security Gateway technology is that it combines API Security with cyber-secure Identity Policy Enforcement Points for the strongest protection available.

Advantages of using Forum Sentry for Identity, Access Control, and SSO:

  • Combined, centralized Identity Enablement and Translation
  • Combined RBAC, ABAC, and CBAC
  • Multi-Factor identity
  • Universal, vendor agnostic support of modern identity formats
  • Built-in adapters to all modern IdM systems
  • Fully integrated support for SSO including SAML & OAuth client and token servers
  • Multi-Context Identity (using the protocol and the payload data)
  • Extensible authentication APIs for no-code integration with other third-party authorization systems





