Enable updated version of MultiSSO plugin [Updated in Security Center 1.3 and 1.5]

  • Release version: Xanadu
  • Updated February 1, 2024
  • Verify that you're using v2 of the MultiSSO plugin and that it's set to true to reduce security vulnerabilities.

    If the MultiSSO plugin is enabled on your instance, the version should be v2 and the property value should be set to true. Versions prior to MultiSSOv2, including SAML 1.1 and SAML 2.0, don't follow security standards because they use OpenSAML library versions with known common vulnerabilities and exposures (CVEs). If exploited, the known CVEs in outdated OpenSAML libraries could enable a bad actor to forge messages and bypass authentication through XML Signature wrapping attacks, impersonate entities, or allow man-in-the-middle attackers to gain unauthorized access to an instance.

    More information

    Attribute: Description
    Configuration name: glide.authenticate.multissov2_feature.enabled
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: boolean
    Recommended value: true
    Default value: true
    Category: Configuration
    Security risk:
    • Severity score: 7.1
    • CVSS score: Medium
    • Security risk details: Setting the property value to false means that you're using versions prior to MultiSSOv2, which use OpenSAML libraries with security vulnerabilities. This could enable bad actors to forge messages.
    Dependencies and prerequisites: None
    References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0756504
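
    One way to audit this setting from outside the instance, as an added example that is not ServiceNow's own code: it builds the REST Table API query for the sys_properties record and classifies the JSON response against the recommended value above. The function names, the instance URL and the sample responses are hypothetical, and treating a missing record as the default value true is an assumption based on the table above.

```python
import json
from urllib.parse import urlencode

PROPERTY = "glide.authenticate.multissov2_feature.enabled"  # name from this page

def query_url(instance_url):
    """Table API URL that returns only this property's name and value."""
    params = urlencode({"sysparm_query": f"name={PROPERTY}",
                        "sysparm_fields": "name,value"})
    return f"{instance_url.rstrip('/')}/api/now/table/sys_properties?{params}"

def audit(response_body, plugin_active=True):
    """Classify a Table API response body as pass, fail, review or not_applicable."""
    if not plugin_active:
        # The page's recommendation applies only when the MultiSSO plugin is enabled.
        return ("not_applicable", "MultiSSO plugin is not enabled")
    rows = [r for r in json.loads(response_body).get("result", [])
            if r.get("name") == PROPERTY]
    if not rows:
        # Assumption: no sys_properties record means the default (true) applies.
        return ("pass", "no override record; default value true applies")
    if len(rows) > 1:
        return ("review", "duplicate property records; effective value unclear")
    value = (rows[0].get("value") or "").strip().lower()
    if value == "true":
        return ("pass", "MultiSSOv2 enabled")
    if value == "false":
        return ("fail", "versions prior to MultiSSOv2 in use; set value to true")
    return ("review", f"unexpected value {value!r}; expected boolean true")

# Constructed sample responses (not taken from a real instance).
SAMPLES = {
    "hardened": '{"result": [{"name": "%s", "value": "true"}]}' % PROPERTY,
    "weakened": '{"result": [{"name": "%s", "value": "false"}]}' % PROPERTY,
    "absent":   '{"result": []}',
    "blank":    '{"result": [{"name": "%s", "value": ""}]}' % PROPERTY,
}

if __name__ == "__main__":
    print(query_url("https://example.service-now.com"))  # hypothetical instance
    for label, body in SAMPLES.items():
        print(label, audit(body))
```

    Fetch the URL with an account that can read sys_properties and pass the response body to audit(); a "review" result means the stored value is neither true nor false and should be checked by hand.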