{"id":10807,"date":"2018-05-28T10:36:16","date_gmt":"2018-05-28T09:36:16","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=10807\/"},"modified":"2020-01-02T11:28:27","modified_gmt":"2020-01-02T10:28:27","slug":"golden-saml-attack","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/","title":{"rendered":"Decoding cyberark\u2019s \u201cgolden SAML\u201d attack"},"content":{"rendered":"<p><em>An attack technique, christened \u201cGolden SAML\u201d, has recently been documented in an<\/em> <a href=\"https:\/\/www.cyberark.com\/threat-research-blog\/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps\/\"><em>article published on CyberArk\u2019s blog<\/em><\/a><em>. Although novel in the way it is carried out, the attack presented here makes use of a tried and tested principle.<\/em><\/p>\n<p><em>This attack method concerns all services using SSO solutions that are based on the SAML2 protocol (excluding HSM-based implementations).<\/em><\/p>\n<p>&nbsp;<\/p>\n<h2>What is golden SAML?<\/h2>\n<p>The title of the blog post isn\u2019t innocuous, since \u201cGolden SAML\u201d is a nod to the \u201cGolden Ticket\u201d attack, which targets the Kerberos protocol. <strong>Like Golden Ticket, Golden SAML allows an attacker to access resources protected by SAML agents<\/strong> (for example: Azure, AWS, vSphere, Okta, Salesforce, etc.) <strong>using enhanced privileges provided by a \u201cgolden ticket\u201d<\/strong>. 
It also allows the attacker to work in the shadows without being identified, because after the attack, tokens can be generated outside the information system without making a request to the Identity Provider (IdP).<\/p>\n<p>In a standard SAML flow:<\/p>\n<ol>\n<li>The client tries to access an application (the Service Provider).<\/li>\n<li>The application generates a \u201cSAML AuthRequest\u201d to authenticate the user.<\/li>\n<li>The Identity Provider (IdP) authenticates the user and sends a \u201cSAML response\u201d to the user, which can be used to access resources exposed by a Service Provider (SP).<\/li>\n<li>The SP checks the response and identifies the user, who is now authorized to use the service.<\/li>\n<\/ol>\n<p>The attack is based on the <strong>falsification of the SAML response<\/strong> that identifies and authenticates the user. The response is signed with the Identity Provider\u2019s private key, and may be encrypted, depending on the implementation. By checking the signature of the SAML response, the application verifies its integrity: it ensures that the response was indeed generated by the Identity Provider and has not been modified in transit.<\/p>\n<p>To falsify the response, several pieces of information are needed:<\/p>\n<ul>\n<li>The Identity Provider\u2019s private key<\/li>\n<li>The Identity Provider\u2019s public certificate<\/li>\n<li>The Identity Provider\u2019s name<\/li>\n<li>The name of the role to be spoofed (e.g. administrator).<\/li>\n<\/ul>\n<p><strong>The only information that is genuinely difficult to obtain is the private key used to sign the SAML response. The other three data items can be easily obtained, notably from the responses themselves.<\/strong><\/p>\n<p><strong>It\u2019s possible to export the private key by accessing the IdP using an AD FS admin account<\/strong>. 
Compromising this account first is therefore a prerequisite for compromising the key.<\/p>\n<p>Once the relevant information has been gathered, the attacker will be able to freely generate valid responses, outside the domain, without being spotted. Setting up strong authentication on the accounts being targeted provides no protection against the attack, because the proof of this authentication is provided by the SAML response, something that can now be falsified.<\/p>\n<p>The attack can continue until the IdP certificate is changed and the change has been taken into account by all Service Providers.<\/p>\n<p>&nbsp;<\/p>\n<h2>Decoding the attack<\/h2>\n<p>Despite the alarmist tone of the blog post, the <strong>vulnerability described can be attributed to questionable design choices in the SAML 2 protocol\u2014which uses signed tokens\u2014but not to a real security breach. <\/strong>Indeed, the attack requires that an AD FS administrator account has first been compromised in order to retrieve the domain\u2019s private key. However, the impact is high since the attacker can\u2014in an unconstrained fashion and from outside the domain\u2014access services protected by SAML agents that trust the domain. The compromise of an IdP account can be detected, but the falsification of responses can be carried out with total discretion after the event.<\/p>\n<p>In addition, if the compromise of an IdP administrator account is detected, changing the password on the account will not restore the confidentiality of the private key, and will not allow a Golden SAML attack to be countered. Therefore, the only solution to block an attacker is to <strong>change the private key<\/strong>, which can have a <strong>major impact on Service Providers<\/strong> who rely on the IdP: it means the temporary rejection of responses signed with the new key.<\/p>\n<p>Ultimately, private key theft renders identity federation vulnerable, which is not a new idea. 
SAML IdPs are affected here, just as any security protocol that issues signed items would be (OpenID Connect, PKI, etc.).<\/p>\n<p>&nbsp;<\/p>\n<h2>How to prevent risk?<\/h2>\n<p><strong>The security of SAML tokens relies primarily on the IdP\u2019s private key<\/strong>\u2014and it\u2019s imperative that all necessary means to protect it are put in place.<\/p>\n<p>There are two approaches for storing and using this key: a software solution and a hardware solution.<\/p>\n<h3><strong>The software solution<\/strong><\/h3>\n<p>In this solution, <strong>the key is stored on a server responsible for keeping it secret and performing the signature operations of the responses<\/strong>. It is therefore necessary to ensure that the machine and its environment are well protected. To do so, the usual security recommendations should be applied: isolating the machine on an administration VLAN, restricting access to it to essential operators, securing\u2014<em>via<\/em> multi-factor authentication\u2014the privileged accounts that have access to the key, regularly applying security patches to the machine, logging access, setting up SIEM rules adapted to the IdP to detect intrusions, etc.<\/p>\n<p>While these preventive measures help limit the risk of the key being compromised, they cannot guarantee with any certainty that it has not been, or will not be, misappropriated. <strong>Therefore, it makes sense for the IdP certificate and its private key to be renewed at regular intervals, or when there is doubt about its confidentiality<\/strong>. When an IdP certificate is renewed, the Service Providers will need to <strong>accept the tokens without interrupting access<\/strong> by ensuring that they can seamlessly retrieve the new certificate and accept the tokens signed by the new key, while invalidating the old certificate. 
This can be done by exposing the new certificate on a dedicated endpoint.<br \/>\nHowever, some <strong>side effects<\/strong> often appear during key rotation (impacts on the Service Provider, for example). Similarly, it\u2019s rare that a Service Provider can support key revocation via a CRL.<\/p>\n<h3><strong>The hardware solution<\/strong><\/h3>\n<p>The hardware solution, which relies on the use of a Hardware Security Module (HSM), is much more robust because it guarantees the total security of the signature key. The module is responsible for protecting the key and performing all the cryptographic operations required for the signing process. The key never leaves the HSM, and the generation of a token outside the information system becomes impossible.<\/p>\n<p>However, the IdP will have to protect the secret information that allows it to send requests to the HSM by following the usual recommendations set out above. If this secret is compromised, it can be regenerated without impacting the Service Providers because the signing key is not modified.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An attack technique, christened \u201cGolden SAML\u201d, has recently been documented in an article published on CyberArk\u2019s blog. Although novel in the way it is carried out, the attack presented here makes use of a tried and tested principle. 
This attack&#8230;<\/p>\n","protected":false},"author":1302,"featured_media":10131,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2777,3273],"tags":[3344,2871,3345,3346,3347,2979],"coauthors":[2903,2902],"class_list":["post-10807","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-ethical-hacking-indicent-response-en","tag-cyberark-en","tag-cyberattack","tag-golden-saml-en","tag-golden-ticket-en","tag-saml-en","tag-spoofing"],"acf":[],"yoast_head_json":{"title":"Decoding cyberark\u2019s \u201cgolden SAML\u201d attack - RiskInsight","description":"Although novel in the way it is carried out, the technical attack \"Golden SAML\" presented here makes use of a tried and tested principle.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/","og_locale":"en_US","og_type":"article","og_title":"Decoding cyberark\u2019s \u201cgolden SAML\u201d attack - RiskInsight","og_description":"Although novel in the way it is carried out, the technical attack \"Golden SAML\" presented here makes use of a tried and tested principle.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/","og_site_name":"RiskInsight","article_published_time":"2018-05-28T09:36:16+00:00","article_modified_time":"2020-01-02T10:28:27+00:00","og_image":[{"width":3873,"height":3873,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","type":"image\/jpeg"}],"author":"Louis Larmignat","twitter_misc":{"Written by":"Louis Larmignat","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/"},"author":{"name":"Louis Larmignat","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/31c353a1c964da81c13ba7e50e674737"},"headline":"Decoding cyberark\u2019s \u201cgolden SAML\u201d attack","datePublished":"2018-05-28T09:36:16+00:00","dateModified":"2020-01-02T10:28:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/"},"wordCount":1105,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","keywords":["CyberArk","cyberattack","Golden SAML","Golden Ticket","SAML","spoofing"],"articleSection":["Cybersecurity &amp; Digital Trust","Ethical Hacking &amp; Incident Response"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/","name":"Decoding cyberark\u2019s \u201cgolden SAML\u201d attack - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","datePublished":"2018-05-28T09:36:16+00:00","dateModified":"2020-01-02T10:28:27+00:00","description":"Although novel in the way it is carried out, the technical attack \"Golden SAML\" presented here makes use of a tried and tested principle.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/10\/Fotolia_78219251_Subscription_Monthly_XXL-hacker.jpg","width":3873,"height":3873},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2018\/05\/golden-saml-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Decoding cyberark\u2019s \u201cgolden SAML\u201d attack"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/31c353a1c964da81c13ba7e50e674737","name":"Louis 
Larmignat","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/louis-larmignat\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1302"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=10807"}],"version-history":[{"count":3,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10807\/revisions"}],"predecessor-version":[{"id":10816,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/10807\/revisions\/10816"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/10131"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=10807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=10807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=10807"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=10807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}