Hackers of India

o’Dea Assertions - Untwining the Security of the SAML Protocol

 Achin Kulshrestha 

2014/02/14

Single sign-on (SSO) systems have gained immense popularity and the backbone of this authentication mechanism is the Security Assertion Markup language or SAML. SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, it allows for Browser based authentication and other authorization use cases such as cross-domain single sign-on between an Identity Provider and a Service Provider. Since SAML assertions act as an identity for the subject or principal whom the Service Provider is going to honor, the veracity of these assertions is critical. The XML signature related attacks such as Signature Exclusion attacks and signature wrapping attack (XSW) had affected most of the common SAML implementations. Also, SAML attributes which go as part of the SAML request and response are used to make critical decisions cross domain, therefore it is imperative their implementation is secure and fuzz testing of these parameters is necessary. In this talk, we will deep dive into the intricacies of SAML protocol security and we will also discuss the approach to asynchronously fuzz SAML assertions to find issues in proprietary SAML implementations.