On February 27, 2018, Duo Security announced the discovery of a new class of vulnerability affecting SAML-based single sign-on systems. This flaw can allow an authenticated attacker to fool SAML systems into logging in as a different user, even without knowledge of the victim’s password. You can read more details on SAML, the vulnerability class, and affected vendors in Duo’s announcement here: Duo Finds SAML Vulnerabilities Affecting Multiple Implementations.
ITculate and any authentication 3rd party used by ITculate are not vulnerable to this issue, therefore, ITculate’s customers do not need to take any action. However, if you are using any library or 3rd party as SAML Identity Provider (IdP) and are processing SAML responses in your own code, you will need to verify whether the libraries you are using are vulnerable.
One of the 3rd party services ITculate is using is Auth0. Auth0 is used for authentication and authorization, and is not impacted by the SAML Vulnerabilities. To learn more about it, please review the statement from Auth0.