Enable relay state in SAML requests to prevent replay attacks
Reduce the risk of replay attacks by enabling relay state in SAML requests.
Protect against SAML replay attacks using the glide.authenticate.sso.saml2.enable_relay_state_with_id system property. When this property is set to true, the relay state parameter contains the sys_id of a record in the MultiSSO Request Parameters [multisso_request_parameter] table; that record holds the relay state URL to redirect to.
Set the system property glide.authenticate.sso.saml2.enable_relay_state_with_id to true. This helps prevent attackers who have gained access to a SAML request from accessing your instance by resubmitting a valid request.
More information
| Attribute | Description |
|---|---|
| Technical configuration name | glide.authenticate.sso.saml2.enable_relay_state_with_id |
| Plugin applicability | Multi-Provider SSO plugin (com.snc.integration.sso.multi.installer) |
| Security risk | The relay state enabled by this system property helps protect your instance against replay attacks. Enabling the property helps prevent attackers who have gained access to a SAML request from accessing your instance by resubmitting a valid request. |
| Common Vulnerability Scoring System (CVSS) score | 3.8 |
| Common Vulnerability Scoring System (CVSS) rating | Low |
| Functional impact | When this property is set to true, the relay state in a SAML request contains the sys_id of a record in the MultiSSO Request Parameters [multisso_request_parameter] table, which contains the relay state URL to redirect to. |
| Dependencies and prerequisites | None |
| Data type | Boolean |
| Base system value | true |
| Fallback value | false |
| Recommended value | true |
To learn more about adding or creating a system property, see Add a system property.