Debian Linux Security Advisory 2467-1 - It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdP's.
5dee642e0bd8295239c7653b2351ced32900bd0db2c2ba222a7b00678aca31fd