SAML's signature problem: It's not you, it's XML
a year ago
- #XML DSIG
- #Security
- #SAML
- SAML's signature validation is fragile because it inherits the complexity of XML Digital Signatures (XML DSIG): the signature covers an element selected by reference inside a mutable document, not the bytes the relying party actually received.
- Common issues include reference confusion, canonicalization mismatch, signature wrapping attacks, and broken schema validation.
- Reference confusion arises when the Signature's Reference URI ("#id") does not unambiguously select one element: duplicate ID values, missing IDs, or an ID lookup that differs from how the application later selects the element, so the verifier checks one element while the application consumes another.
- Canonicalization mismatch happens when sender and receiver normalize the XML differently (inclusive vs. exclusive C14N, with or without comments); the digest is then computed over different byte streams and legitimate signatures fail to verify. The verifier must apply exactly the CanonicalizationMethod and Transforms declared in SignedInfo.
- In a signature wrapping attack the attacker keeps a legitimately signed assertion in the document (moved, for example, under an Extensions element, with its ID and content intact so the signature still verifies) and places a forged, unsigned assertion where the application reads it. The verifier validates the element its Reference points at; the application processes the forged one.
- Missing or broken schema validation lets structurally unexpected documents through (extra assertions, elements in unexpected positions), which is exactly what wrapping relies on. Schema validation does not by itself stop XXE: DTD processing and external entities must be disabled in the XML parser.
- Best practices for secure SAML validation: verify the signature over the exact element the application will consume and reject documents where the Reference resolves elsewhere or IDs repeat; apply the declared canonicalization consistently; validate against the SAML schema; disable DTD processing; and rely on a maintained, well-reviewed SAML library rather than hand-rolled verification.
- SAML remains widely used in enterprise identity systems, despite its challenges and the rise of modern protocols like OIDC.
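The reference confusion, wrapping attack and hardened checks summarized above, as an added example that is not the article's code: it builds a constructed SAML Response with one signed assertion, shows a naive verifier (ID lookup anywhere in the document, then "first Assertion" for the application) accepting a wrapped copy, and a hardened verifier rejecting it. The IdP's RSA signature is replaced by an HMAC under a constructed key so the example runs offline on the Python standard library (3.8+ for `ET.canonicalize`); the Reference URI, DigestValue, enveloped-signature transform and ID-based lookup follow XML DSIG. The XML, the key and all identifiers are constructed for the example.

```python
# Added example, not the article's code. The "signature" is an HMAC over the
# canonicalized SignedInfo (a stand-in for the IdP's RSA signature) so it runs
# offline on the standard library; the two verifiers mirror real XML DSIG use.
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
for _prefix, _uri in (("saml", SAML), ("samlp", SAMLP), ("ds", DS)):
    ET.register_namespace(_prefix, _uri)  # stable prefixes across re-serialization
IDP_KEY = b"constructed-idp-secret"  # constructed; stands in for the IdP's key

def c14n(node):
    """C14N 2.0 bytes of one element; tail text belongs to the parent, so drop it."""
    node = copy.deepcopy(node)
    node.tail = None
    return ET.canonicalize(ET.tostring(node, encoding="unicode")).encode()

def sign_assertion(assertion):
    """Enveloped ds:Signature: digest of the assertion, MAC over SignedInfo."""
    digest = hashlib.sha256(c14n(assertion)).hexdigest()  # before Signature exists
    sig = ET.SubElement(assertion, f"{{{DS}}}Signature")
    info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(info, f"{{{DS}}}Reference", URI="#" + assertion.get("ID"))
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest
    mac = hmac.new(IDP_KEY, c14n(info), hashlib.sha256).hexdigest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = mac

def signature_ok(sig, target):
    """MAC over SignedInfo must check, and the digest must cover `target`."""
    info = sig.find(f"{{{DS}}}SignedInfo")
    want = hmac.new(IDP_KEY, c14n(info), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.findtext(f"{{{DS}}}SignatureValue") or "", want):
        return False
    body = copy.deepcopy(target)
    for s in body.findall(f"{{{DS}}}Signature"):  # enveloped-signature transform
        body.remove(s)
    digest = hashlib.sha256(c14n(body)).hexdigest()
    return hmac.compare_digest(info.findtext(f".//{{{DS}}}DigestValue") or "", digest)

def build_signed_response(subject):
    """Constructed sample Response carrying one IdP-signed Assertion."""
    root = ET.fromstring(
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0">'
        '<saml:Issuer>https://idp.example.com</saml:Issuer>'
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>https://idp.example.com</saml:Issuer>'
        f'<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject></saml:Assertion>'
        '</samlp:Response>')
    sign_assertion(root.find(f"{{{SAML}}}Assertion"))
    return ET.tostring(root, encoding="unicode")

def wrap(signed_xml):
    """Attacker: park the signed assertion under Extensions, forge one in its place."""
    root = ET.fromstring(signed_xml)
    real = root.find(f"{{{SAML}}}Assertion")
    idx = list(root).index(real)
    root.remove(real)
    forged = ET.Element(f"{{{SAML}}}Assertion", ID="_forged", Version="2.0")
    subject = ET.SubElement(forged, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = "admin@example.com"
    root.insert(idx, forged)
    ext = ET.Element(f"{{{SAMLP}}}Extensions")
    ext.append(real)  # ID, content and digest untouched: its signature still verifies
    root.insert(1, ext)
    return ET.tostring(root, encoding="unicode")

def naive_verify(xml_text):
    """Vulnerable: resolve the Reference by ID anywhere, then read the first Assertion."""
    root = ET.fromstring(xml_text)
    sig = root.find(f".//{{{DS}}}Signature")
    target_id = sig.find(f".//{{{DS}}}Reference").get("URI")[1:]
    target = next(e for e in root.iter() if e.get("ID") == target_id)
    if not signature_ok(sig, target):
        raise ValueError("bad signature")
    return root.find(f"{{{SAML}}}Assertion").findtext(f".//{{{SAML}}}NameID")

def hardened_verify(xml_text):
    """Verify the exact element the application will consume, nothing else."""
    if "<!DOCTYPE" in xml_text:  # blunt stand-in for disabling DTDs in the parser
        raise ValueError("DTDs rejected")
    root = ET.fromstring(xml_text)
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate ID attributes")  # reference confusion
    assertion = root.find(f"{{{SAML}}}Assertion")
    if assertion is None or len(root.findall(f".//{{{SAML}}}Assertion")) != 1:
        raise ValueError("expected exactly one Assertion, directly under Response")
    sigs = assertion.findall(f"{{{DS}}}Signature")  # must be enveloped in it
    if len(sigs) != 1:
        raise ValueError("assertion must carry exactly one Signature")
    if sigs[0].find(f".//{{{DS}}}Reference").get("URI") != "#" + assertion.get("ID"):
        raise ValueError("Reference does not point at the consumed assertion")
    if not signature_ok(sigs[0], assertion):
        raise ValueError("bad signature")
    return assertion.findtext(f".//{{{SAML}}}NameID")
```

`naive_verify(wrap(build_signed_response("alice@example.com")))` returns `admin@example.com` with a signature that is genuinely valid: nothing the IdP signed was altered, only where it sits. `hardened_verify` refuses the same document because two Assertion elements exist, and would also refuse it if the forged assertion reused the ID `_a1` (duplicate IDs) or if the Reference pointed anywhere but the consumed element. The `<!DOCTYPE` string check is a stand-in for what production code should do at the parser level (disable DTD and external-entity processing); in production, use a maintained SAML library and keep these structural checks in front of it.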