Secure SAML validation to prevent XML signature wrapping attacks
Pawel Krawczyk

TL;DR
This paper discusses how poor documentation and examples in SAML validation libraries can lead to security vulnerabilities, and proposes methods to prevent XML signature wrapping attacks.
Contribution
It highlights the importance of correct implementation in SAML validation and provides guidance to avoid vulnerabilities caused by inadequate documentation.
Findings
Poor documentation can lead to insecure SAML implementations
Proper validation practices can prevent XML signature wrapping attacks
Clear guidelines improve security in SAML assertion processing
Abstract
SAML assertions are becoming a popular method for passing authentication and authorisation information between identity providers and consumers using various single sign-on protocols. However, their practical security strongly depends on correct implementation, especially on the consumer side. Somorovsky and others have demonstrated a number of XML signature related vulnerabilities in SAML assertion validation frameworks. This article demonstrates how bad library documentation and examples can lead to vulnerable consumer code and how this can be avoided.
Taxonomy
Topics: Cloud Data Security Solutions · Security and Verification in Computing · Cryptography and Data Security
