{"id":23296,"date":"2021-03-25T13:55:23","date_gmt":"2021-03-25T17:55:23","guid":{"rendered":"https:\/\/canarie.machinedev.ca\/?post_type=document&#038;p=23296"},"modified":"2024-12-03T10:50:05","modified_gmt":"2024-12-03T15:50:05","slug":"bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2","status":"publish","type":"document","link":"https:\/\/www.canarie.ca\/fr\/document\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\/","title":{"rendered":"FCA &#8211; Security Bulletin for SAML2 Service Providers"},"content":{"rendered":"\n<p>A new flaw has just been discovered in the XML processing performed by various SAML service providers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Summary<\/h3>\n\n\n\n<p>Shibboleth's \"Service Provider\" software and other SAML runtimes are vulnerable to forged user attributes, which could facilitate impersonation and access to personal data.<\/p>\n\n\n\n<p>To mitigate the risk, we urge service providers that are members of the FCA or that use their institution's software to act without delay by following the recommendations issued by the maker of their software.<br>As has been the case before, the use of XML Encryption, which is an integral part of the SAML protocol, is an important mitigation. 
Deployers should prioritize applying patches to installations of the Service Provider software covered by this advisory that handle unencrypted SAML assertions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recommended actions<\/h3>\n\n\n\n<p>If you use the Shibboleth Service Provider software: upgrade to version V1.6.4 or later of the XMLTooling-C library and restart the affected processes (shibd, Apache, etc.).<br>If you use other software similar to Service Provider: review your vendor's advisories and the DUO security blog post below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Further information<\/h3>\n\n\n\n<p>Shibboleth: <a href=\"https:\/\/shibboleth.net\/community\/advisories\/secadv_20180227.txt\">https:\/\/shibboleth.net\/community\/advisories\/secadv_20180227.txt<\/a><br>Blog post on the risks: <a href=\"https:\/\/duo.com\/blog\/duo-finds-saml-vulnerabilities-affecting-multiple-implementations\">https:\/\/duo.com\/blog\/duo-finds-saml-vulnerabilities-affecting-multiple-implementations<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Questions?<\/h3>\n\n\n\n<p>Please visit our\u00a0<a href=\"https:\/\/www.canarie.ca\/fr\/identite\/soutien\/\" target=\"_blank\" rel=\"noreferrer noopener\">support page<\/a>.<\/p>\n","protected":false},"featured_media":20431,"parent":0,"template":"","program":[137],"document_type":[225,195],"class_list":["post-23296","document","type-document","status-publish","has-post-thumbnail","hentry","program-fca","document_type-bulletins-gfi","document_type-soutien-technique"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>FCA - Bulletin sur la s\u00e9curit\u00e9 destin\u00e9 aux fournisseurs du service SAML2 - CANARIE<\/title>\n<meta 
name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.canarie.ca\/fr\/document\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FCA - Bulletin sur la s\u00e9curit\u00e9 destin\u00e9 aux fournisseurs du service SAML2 - CANARIE\" \/>\n<meta property=\"og:description\" content=\"Une nouvelle faille vient d\u2019\u00eatre d\u00e9couverte dans le traitement XML r\u00e9alis\u00e9 par divers fournisseurs du service SAML R\u00e9sum\u00e9 Le logiciel [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.canarie.ca\/fr\/document\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\/\" \/>\n<meta property=\"og:site_name\" content=\"CANARIE\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-03T15:50:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.canarie.ca\/wp-content\/uploads\/2018\/02\/news_FIM.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"405\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/\",\"url\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/\",\"name\":\"FCA - Bulletin sur la s\u00e9curit\u00e9 destin\u00e9 aux fournisseurs du service SAML2 - 
CANARIE\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.canarie.ca\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/news_FIM.png\",\"datePublished\":\"2021-03-25T17:55:23+00:00\",\"dateModified\":\"2024-12-03T15:50:05+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.canarie.ca\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/news_FIM.png\",\"contentUrl\":\"https:\\\/\\\/www.canarie.ca\\\/wp-content\\\/uploads\\\/2018\\\/02\\\/news_FIM.png\",\"width\":800,\"height\":405,\"caption\":\"caf fim\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/document\\\/bulletin-sur-la-securite-destine-aux-fournisseurs-du-service-saml2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.canarie.ca\\\/fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FCA &#8211; Bulletin sur la s\u00e9curit\u00e9 destin\u00e9 aux fournisseurs du service 
SAML2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.canarie.ca\\\/#website\",\"url\":\"https:\\\/\\\/www.canarie.ca\\\/\",\"name\":\"CANARIE\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.canarie.ca\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document\/23296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document"}],"about":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/types\/document"}],"version-history":[{"count":1,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document\/23296\/revisions"}],"predecessor-version":[{"id":44664,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document\/23296\/revisions\/44664"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/media\/20431"}],"wp:attachment":[{"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/media?parent=23296"}],"wp:term":[{"taxonomy":"program","embeddable":true,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/program?post=23296"},{"taxonomy":"document_type","embeddable":true,"href":"https:\/\/www.canarie.ca\/fr\/wp-json\/wp\/v2\/document_type?post=23296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}