On the Security of Identity Brokers in Single Sign-On
Louis Jannett, Tommaso Innocenti
In this talk, we present our S&P'25 paper, exploring the brokered SSO ecosystem and its security. This new flow introduces a broker that mediates interactions between websites and Identity Providers. We uncovered 249 brokers and found 50 vulnerable.