I have a scenario in mind and wonder if this is a general weakness of single sign-on using SAML 2.0 / OIDC, or if there are known ways to mitigate such a scenario:
1. A user can perform a single sign-on to a remote application, BizManager. To do this, the user authenticates to their Enterprise identity provider (IdP) and chooses to navigate to BizManager. In this case, BizManager hosts the Assertion Consumer Service.
2. Suppose that Enterprise has configured a server to send a SAML 2.0 response with assertions about the user to the BizManager application. BizManager, in turn, will process this SAML response and, after verifying all assertions, will log the Enterprise user in to BizManager.
Suppose malicious actors infiltrate the Enterprise IdP and can create other user accounts. Is there a way to control the ability of these newly created users to access BizManager? In particular, if the malicious actors knew of a high-level user of BizManager, nothing prevents them from masquerading as that high-level user in BizManager.
Are there ways to thwart such a scenario? I have gone through a lot of literature. The general impression I get is "probably not", since BizManager can only act on the assertions provided to it. All of the above is opaque to BizManager.
- Is this understanding correct?
- Does OIDC provide mechanisms to mitigate this?
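The following is an added illustration (not part of the question, and not real BizManager code) of the one control the service provider does hold in this scenario: after signature verification, it decides authorization from its own pre-provisioned directory and never auto-creates accounts, so a user newly created at a compromised IdP gets no access. The issuer and audience URLs, the directory and the clock value are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample: BizManager's own directory of pre-provisioned accounts.
# Roles live here, not in the IdP's assertion, so a compromised IdP cannot
# grant a role simply by asserting one.
LOCAL_USERS = {
    "alice@enterprise.example": "admin",
    "bob@enterprise.example": "user",
}
EXPECTED_ISSUER = "https://idp.enterprise.example/saml"  # assumed IdP entity ID
EXPECTED_AUDIENCE = "https://bizmanager.example/sp"      # assumed SP entity ID
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # fixed clock for the demo


@dataclass
class Assertion:
    issuer: str
    audience: str
    name_id: str
    not_before: datetime
    not_on_or_after: datetime
    attributes: dict = field(default_factory=dict)


def make_assertion(name_id, attributes=None, issuer=EXPECTED_ISSUER,
                   audience=EXPECTED_AUDIENCE) -> Assertion:
    """Build a sample assertion valid for five minutes around NOW."""
    return Assertion(issuer, audience, name_id, NOW - timedelta(minutes=1),
                     NOW + timedelta(minutes=5), attributes or {})


def authorize(a: Assertion, now: datetime = NOW) -> tuple[bool, str]:
    """Decide whether an already signature-verified assertion may log in.
    Returns (allowed, role or reason for refusal)."""
    if a.issuer != EXPECTED_ISSUER:
        return False, "unexpected issuer"
    if a.audience != EXPECTED_AUDIENCE:
        return False, "assertion not addressed to this SP"
    if not (a.not_before <= now < a.not_on_or_after):
        return False, "assertion outside its validity window"
    # No just-in-time provisioning: a NameID that BizManager never provisioned
    # is refused even though the IdP vouched for it. This is what keeps accounts
    # newly created at a compromised IdP out of the application.
    role = LOCAL_USERS.get(a.name_id)
    if role is None:
        return False, "subject not provisioned in BizManager"
    # Any role attribute the IdP sends is ignored; the local mapping is authoritative.
    return True, role
```

The limit the question describes remains visible here: an assertion for an already-provisioned admin NameID, minted by a compromised IdP, is indistinguishable from a genuine one at the SP. Closing that gap needs controls at or around the IdP (admin audit of account and key changes, MFA enforced at the IdP) or SP-side step-up for privileged actions, not more assertion checking.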