OpenSAML-C++ Security Advisory - is there any Auth0 impact?

richard.barnett · March 20, 2025, 3:01pm

We support federation of authentication to our customers’ Idps via Auth0 using SAML & WS-Federation protocols.

A customer with an OpenAthens (Shibboleth/SAML) Idp notified us of a security advisory OpenSAML-C++ / Service Provider Security Advisory [13 March 2025]

Does this affect Auth0’s SAML protocol stack?

dawid.matuszczyk · March 20, 2025, 4:13pm

Hi @richard.barnett

Thank you for raising our attention to this topic, I’ve contacted our internal team for confirmation regarding this topic. I’ll get back to you as soon as I will have more details.

Thanks
Dawid

dawid.matuszczyk · March 20, 2025, 5:01pm

Hi @richard.barnett

Our Security team has reviewed this vulnerability and confirmed that Auth0 is not impacted, as our services do not utilize Shibboleth Service Provider or OpenSAML-C++ components.

Thanks
Dawid

Topic		Replies	Views
Auth0 support for integration with federations like Open Athens and Shibboleth Get Help	8	4979	August 5, 2024
Auth0 SAML provider with an OIDC Idp Get Help saml , oidc	2	3161	September 4, 2019
How to setup Shibboleth as SAML provider in Auth0 Get Help saml , shibboleth	5	8220	February 13, 2024
How can I add Auth0 as IdP into ADFS? Get Help saml , auth0 , adfs , samlp , saml2	5	5709	November 8, 2018
SAML service provider features Get Help	0	1605	March 8, 2022

OpenSAML-C++ Security Advisory - is there any Auth0 impact?

Related topics