Introducing SAML Shield: open source protection for SAML CVEs
Blog post from Stytch
SAML Shield, launched by the Stytch team, is an open-source tool that adds a protective layer in front of SAML-based services. It gives immediate protection against known Common Vulnerabilities and Exposures (CVEs) without waiting for upstream maintainers to ship patches. It integrates with proxies such as Nginx, Envoy, or Istio and supports several deployment configurations, including an API and a self-hosted option, covering typical SAML vulnerability classes such as signature wrapping attacks, XML External Entity (XXE) vulnerabilities, and replay attacks.

SAML Shield is designed to run alongside an existing SAML implementation rather than replace it: it inspects SAML responses at runtime and blocks malicious ones before they reach the service, which provides protection for services that have not yet been patched. It offers a permanent free tier, with paid options for higher usage. The tool addresses the fragile nature of SAML security, which stems largely from the complexity of its XML foundation and the slow patch cycle of many SAML libraries, and lets teams shield against known attack patterns with minimal integration effort.
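To make the three attack classes named above concrete, here is an added example (written for this page, not SAML Shield's own code) of the kind of runtime pre-filter a proxy could apply to an inbound SAML response before handing it to the application's SAML library: it rejects responses that carry a DTD or entity declaration (XXE and entity-expansion attacks need one; SAML never does), refuses responses whose signature `Reference` does not cover the single assertion actually being consumed or that contain duplicate `ID` attributes (the signature wrapping pattern), and refuses assertions that are expired or whose ID has already been seen (replay). The function and class names, and the sample XML documents, are constructed for this example; cryptographic verification of the signature itself is assumed to remain the job of the existing SAML library the filter sits in front of.

```python
"""Illustrative SAML response pre-filter (added example, not SAML Shield code).

Checks, in order: no DTD/entity declarations (XXE), signature Reference
covers the one Assertion and IDs are unique (signature wrapping), and the
Assertion is unexpired and not previously seen (replay). Signature
verification is left to the downstream SAML library (assumption)."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlRejected(Exception):
    """Raised with a reason when the response must be blocked."""


def reject_entity_declarations(raw: str) -> None:
    # Checked on the raw bytes, before any parser sees the document.
    if re.search(r"<!(DOCTYPE|ENTITY)", raw, re.IGNORECASE):
        raise SamlRejected("DTD or entity declaration present")


def check_signature_wrapping(root: ET.Element) -> ET.Element:
    """Return the single Assertion, after confirming the signature's
    Reference URI points at it rather than at a wrapped copy."""
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlRejected(f"expected exactly 1 Assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise SamlRejected("Assertion has no ID")
    refs = root.findall(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise SamlRejected(f"expected exactly 1 signature Reference, found {len(refs)}")
    if refs[0].get("URI") != f"#{assertion_id}":
        raise SamlRejected("signature Reference does not cover the consumed Assertion")
    # Duplicate ID values are how a wrapped, unsigned element borrows a signed one's identity.
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if len(ids) != len(set(ids)):
        raise SamlRejected("duplicate ID attributes")
    return assertion


class ReplayCache:
    """Remembers consumed Assertion IDs until their NotOnOrAfter time passes."""

    def __init__(self) -> None:
        self._seen: dict[str, datetime] = {}

    def check_and_record(self, assertion: ET.Element, now: datetime) -> None:
        cond = assertion.find("saml:Conditions", NS)
        not_on_or_after = cond.get("NotOnOrAfter") if cond is not None else None
        if not not_on_or_after:
            raise SamlRejected("Assertion has no NotOnOrAfter condition")
        expiry = datetime.fromisoformat(not_on_or_after.replace("Z", "+00:00"))
        if now >= expiry:
            raise SamlRejected("Assertion expired")
        # Prune entries that can no longer be replayed, then check this one.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        assertion_id = assertion.get("ID")
        if assertion_id in self._seen:
            raise SamlRejected("replayed Assertion ID")
        self._seen[assertion_id] = expiry


def inspect(raw: str, cache: ReplayCache, now: datetime) -> tuple[str, str]:
    """Return ("allow", assertion_id) or ("block", reason)."""
    try:
        reject_entity_declarations(raw)
        root = ET.fromstring(raw)
        assertion = check_signature_wrapping(root)
        cache.check_and_record(assertion, now)
        return ("allow", assertion.get("ID"))
    except (SamlRejected, ET.ParseError) as exc:
        return ("block", str(exc))


# Constructed sample documents (not real IdP output; signature values omitted).
GOOD = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

WRAPPED = GOOD.replace(
    '<saml:Assertion ID="_a1">',
    '<saml:Assertion ID="_evil"><saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z"/>'
    '</saml:Assertion><saml:Assertion ID="_a1">',
)

XXE = '<!DOCTYPE r [<!ENTITY x SYSTEM "file:///placeholder">]>' + GOOD

if __name__ == "__main__":
    cache = ReplayCache()
    now = datetime(2029, 1, 1, tzinfo=timezone.utc)
    for name, doc in (("good", GOOD), ("replay", GOOD), ("wrapped", WRAPPED), ("xxe", XXE)):
        print(name, inspect(doc, cache, now))
```

Run as a script, the first `GOOD` response is allowed, the identical second copy is blocked as a replay, `WRAPPED` is blocked because it carries two assertions, and `XXE` is blocked before the parser runs. A production filter would additionally require the `Reference` to sit inside the assertion it covers and would check `NotBefore` and audience restrictions, but those are the same shape of check.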