Cite this article
Wang, H., Gu, D., Zhang, Y. et al. An empirical study of security issues in SSO server-side implementations. Sci. China Inf. Sci. 65, 179104 (2022). https://doi.org/10.1007/s11432-019-2697-1
DOI: https://doi.org/10.1007/s11432-019-2697-1