"For each user, the lookup server then follows up with a HTTP request to verify the authenticity of the request. The request leaks the Federated Cloud ID of the user and should use HTTPS when ...