EDR: Missing certain SAML functionality

Article ID: 292067

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When testing the SAML integration using 'Ping IdP', the EDR Server is missing certain SAML functionality:

  • NotBefore/NotOnOrAfter conditions are not checked
  • SAML assertion repost (replay) is not rejected
  • Use Transient Session
  • Enforce Max Session

Environment

  • EDR Server: All Versions
  • SAML Integration

Cause

Engineering escalation 'CB-33755' created to address issues found.

Resolution

Follow-up Engineering escalations were created to address the issues:

  • CB-34556: EDR does not check NotBefore/NotOnOrAfter fields in SAML assertion - Will be addressed in v7.7.1 Server Release
  • CB-34557: EDR should allow SAML assertion to only be used once - (Configuring EDR to respect the NotBefore/NotOnOrAfter fields in CB-34556 would also cover this issue, as assertions would only be good for a certain timeframe.)
  • CB-34554: Allow configuration of transient sessions - Will be addressed in v7.8.0 Server Release
  • CB-34555: Allow for Session length to be defined by SAML assertion - Scheduled for future Server release
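The two checks behind CB-34556 and CB-34557, enforcing the assertion's NotBefore/NotOnOrAfter window and rejecting a reposted assertion ID, as an added illustration of what a SAML relying party is expected to do; this is example code written for this article, not EDR's own implementation, and the assertion XML, issuer and clock-skew value are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from any real IdP); only the parts the
# validator below inspects are present.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-0001" IssueInstant="2024-01-01T12:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.invalid</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""

def parse_saml_time(value):
    # SAML timestamps are xs:dateTime in UTC with a trailing 'Z'.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class AssertionValidator:
    """Enforces the Conditions window and single use of each assertion ID."""

    def __init__(self, clock_skew=timedelta(seconds=60)):
        self.clock_skew = clock_skew      # tolerance for IdP/SP clock drift (assumed value)
        self.seen_ids = {}                # assertion ID -> time after which it can be forgotten

    def validate(self, xml_text, now):
        root = ET.fromstring(xml_text)
        assertion_id = root.get("ID")
        cond = root.find("saml:Conditions", SAML_NS)
        if assertion_id is None or cond is None or cond.get("NotOnOrAfter") is None:
            return False, "missing ID or Conditions"
        not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
        # NotBefore is optional in SAML 2.0; only enforce it when present.
        if cond.get("NotBefore") is not None:
            if now < parse_saml_time(cond.get("NotBefore")) - self.clock_skew:
                return False, "assertion not yet valid (NotBefore)"
        if now >= not_on_or_after + self.clock_skew:
            return False, "assertion expired (NotOnOrAfter)"
        # One-time use: an ID already accepted inside its window is a replay.
        self._expire_seen(now)
        if assertion_id in self.seen_ids:
            return False, "replayed assertion ID"
        self.seen_ids[assertion_id] = not_on_or_after + self.clock_skew
        return True, "accepted"

    def _expire_seen(self, now):
        # IDs only need to be remembered until their validity window has closed.
        self.seen_ids = {i: exp for i, exp in self.seen_ids.items() if exp > now}
```

Because the replay cache only has to hold IDs until NotOnOrAfter passes, enforcing the window bounds the cache size, which is why the article notes that CB-34556 largely covers CB-34557.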

Additional Information