#SEC588

SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries — WorkOS Any service using xml-crypto or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.

If you have ever taken #SEC588, I have always said that SAML needs to go away. Here is a nasty bug in a library where you can bypass it altogether mostly: workos.com/blog/samlstorm

Just send a signed request, and you will be good to go.