OmniAuth SAML
| Upstream URL | Security Risk | Abandonment Risk |
|---|---|---|
| https://github.com/omniauth/omniauth-saml | Very High | Very Low |
External contacts
The OmniAuth team is reachable by their public GitHub issue tracker. Security reports are taken via GHSA.
Security posture
This gem is responsible for the WTI SSO authentication strategy used for authenticating administrators. It is therefore of critical importance for the security of MoR. A sign-in bypass could expose all aspects of the storefront to a third-party attacker, including customer addresses, order histories, and API credentials for Stripe, Facebook, and others.
Abandonment risk
This gem is maintained by the OmniAuth group themselves. There is very little risk to it being abandoned without the wider OmniAuth project suffering abandonment. See the discussion in the OmniAuth section.
Versioning policy
Updates will be pulled in via bundle during our monthly updates.
In the event of a major release of OmniAuth, we expect this gem to move with it; updates will be evaluated at the same time as OmniAuth.