We support federation of authentication to our customers’ Idps via Auth0 using SAML & WS-Federation protocols.
A customer with an OpenAthens (Shibboleth/SAML) Idp notified us of a security advisory OpenSAML-C++ / Service Provider Security Advisory [13 March 2025]
Does this affect Auth0’s SAML protocol stack?
Thank you for raising our attention to this topic, I’ve contacted our internal team for confirmation regarding this topic. I’ll get back to you as soon as I will have more details.
Thanks
Dawid
Our Security team has reviewed this vulnerability and confirmed that Auth0 is not impacted, as our services do not utilize Shibboleth Service Provider or OpenSAML-C++ components.
Thanks
Dawid
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.