by mdavidn
702 days ago
In addition to reasons shared by other commenters, my main concern is XML Signature Wrapping. XMLDSig APIs are not well designed. They check whether signatures in a document are valid, but signatures are not required to cover the entire document. XMLDSig APIs do not make it easy to confirm that signatures cover a specific element of interest, like saml:Subject. An adversary can stuff a valid assertion within a forged one, and many popular SAML implementations would accept the forged assertion. This is mostly fixed now, but it's still one of those things that I must validate for myself in all new SAML service providers that I can influence.

https://www.usenix.org/system/files/conference/usenixsecurit...
https://arxiv.org/pdf/2106.10460
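
An added example, not part of the comment above and not taken from any SAML library: a structural check that the subject is read only from the assertion that the signature's Reference points at. It assumes an XMLDSig library has already verified the signature value; `signed_subject`, `accepts`, `sample_assertion` and the sample documents are constructed for illustration, and the exactly-one-assertion rule is a simplification stricter than SAML requires.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signed_subject(response_xml):
    """Return NameID only if it sits inside the element the signature references.
    Assumption: the signature value was already verified by an XMLDSig library;
    this function checks only what that signature covers."""
    root = ET.fromstring(response_xml)
    ids = [e.get("ID") for e in root.iter() if e.get("ID")]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate ID attributes make the reference ambiguous")
    assertions = list(root.iter("{%s}Assertion" % NS["saml"]))
    if len(assertions) != 1:  # simplification: one assertion in the whole tree
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    aid = assertion.get("ID")
    sig = assertion.find("ds:Signature", NS)  # direct child only (enveloped)
    refs = [] if sig is None else sig.findall("ds:SignedInfo/ds:Reference", NS)
    if not aid or len(refs) != 1 or refs[0].get("URI") != "#" + aid:
        raise ValueError("signature does not reference the consumed assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("no Subject/NameID in the signed assertion")
    return name_id.text

def accepts(response_xml):
    try:
        signed_subject(response_xml)
        return True
    except ValueError:
        return False

def sample_assertion(aid, ref, user, inner=""):
    # Constructed sample markup; digest and signature values are omitted.
    return ('<saml:Assertion xmlns:saml="%s" xmlns:ds="%s" ID="%s"><ds:Signature>'
            '<ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo></ds:Signature>'
            '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>%s'
            '</saml:Assertion>' % (NS["saml"], NS["ds"], aid, ref, user, inner))

GOOD = sample_assertion("a1", "a1", "alice")
MISMATCH = sample_assertion("b2", "a1", "bob")           # reference points elsewhere
NESTED = sample_assertion("b2", "a1", "bob", inner=GOOD)  # signed element nested inside

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("MISMATCH", MISMATCH), ("NESTED", NESTED)):
        print(name, "accepted" if accepts(doc) else "rejected")
```
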