---
title: "Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory"
paper: ETAA2020_MIG
people:
  - AndreaBisegna
  - RobertoCarbone
  - GiulioPellizzari
  - SilvioRanise
peopleOrder: surname
---

{% include toc.md %}

## SAML Tests

In Section 3.1 of the paper we mentioned a list of SAML tests. The table below reports all the tests that the pentesting tool performs on SAML implementations. The Prot. column gives the protocol (S = SAML), Provider the party whose behaviour is under test (IdP, SP or Any), and P/A whether the test is a passive check on the messages (P) or an active attack (A).

| Security Test | Prot. | Provider | P/A | Description | Mitigation |
|---|---|---|---|---|---|
| Missing Service Provider | S | IdP | P | Check whether the Issuer element, which identifies the SP, is present in the SAML request. | Configure the IdP to accept only SAML requests that carry an Issuer element. |
| Missing Audience element | S | IdP | P | Check whether the Audience element is present in the SAML assertion. | Configure the IdP to include the Audience element in the SAML assertion. |
| Missing OneTimeUse element | S | IdP | P | Check whether the OneTimeUse element is present in the Conditions of the SAML assertion. | Configure the IdP to include the OneTimeUse element in the SAML assertion. |
| Missing NotOnOrAfter attribute | S | IdP | P | Check whether the NotOnOrAfter attribute is present in the SAML assertion. | Configure the IdP to include the NotOnOrAfter attribute in the SAML assertion. |
| Missing InResponseTo attribute | S | IdP | P | Check whether the InResponseTo attribute is present in the SAML assertion. | Configure the IdP to include the InResponseTo attribute in the SAML assertion. |
| Missing Recipient in SubjectConfirmationData | S | IdP | P | Check whether the Recipient attribute is present in the SubjectConfirmationData element of the SAML assertion. | Configure the IdP to include the Recipient attribute in the SubjectConfirmationData element of the SAML assertion. |
| Missing check on Recipient attribute | S | SP | P | Check whether the SP accepts a SAML assertion whose SubjectConfirmationData has no Recipient attribute. | Configure the SP to accept only SAML assertions with the Recipient attribute. |
| Missing check on InResponseTo attribute | S | SP | P | Check whether the SP accepts a SAML assertion without the InResponseTo attribute. | Configure the SP to accept only SAML assertions with the InResponseTo attribute. |
| Missing check on NotOnOrAfter attribute | S | SP | P | Check whether the SP accepts a SAML assertion without the NotOnOrAfter attribute. | Configure the SP to accept only SAML assertions with the NotOnOrAfter attribute. |
| Missing check on Destination attribute | S | SP | P | Check whether the SP accepts a SAML response without the Destination attribute. | Configure the SP to accept only SAML responses with the Destination attribute. |
| Missing check on OneTimeUse element | S | SP | P | Check whether the SP accepts a SAML assertion without the OneTimeUse element. | Configure the SP to accept only SAML assertions with the OneTimeUse element. |
| Missing check on Audience element | S | SP | P | Check whether the SP accepts a SAML assertion without the Audience element. | Configure the SP to accept only SAML assertions with the Audience element. |
| Alteration of the RelayState parameter | S | SP | A | Changes the value of the RelayState parameter to test whether the SP uses it without validation. | Sanitize the value of the RelayState parameter at the SP. |
| Session Fixation | S | SP | A | Check whether the implementation is vulnerable to session fixation. | Handle user sessions properly (e.g., issue a fresh session identifier after authentication). |
| Missing check on Canonicalization algorithm | S | Any | P | Check whether the canonicalization algorithm used when verifying the XML signature also covers comments; if it drops them, an XML comment can be inserted into signed content without invalidating the signature. | Switch signature verification to a canonicalization algorithm that includes comments. |
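As an added example (not code from the paper or from Micro-Id-Gym), the script below implements, with the Python standard library only, the passive IdP-side presence checks from the table over a constructed SAML AuthnRequest and Response, and then reproduces the reasoning behind the last row: it shows that a NameID split by an empty XML comment has the same canonical digest as the signed original when canonicalization drops comments, but not when it keeps them, and that a consumer reading only the first text node sees a truncated identity. All hosts, message identifiers and the attacker-controlled account name are made up for the example.

```python
"""Offline SAML checks modelled on the table above. Added example, not code
from the paper or from Micro-Id-Gym; standard library only."""
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample messages with made-up hosts. No XML signature is present:
# only the presence of elements and attributes is checked here.
SAMPLE_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0"
  IssueInstant="2020-01-01T00:00:00Z"><saml:Issuer>https://sp.example.org</saml:Issuer>
</samlp:AuthnRequest>"""

# The assertion deliberately lacks OneTimeUse and the InResponseTo attribute on
# SubjectConfirmationData, so two of the table's findings should fire.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2020-01-01T00:00:00Z" InResponseTo="_req1"
  Destination="https://sp.example.org/acs">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.org/acs"
          NotOnOrAfter="2020-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2020-01-01T00:00:00Z" NotOnOrAfter="2020-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.org</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

SCD = "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"
# (finding name as in the table, path relative to the Assertion, attribute or None)
ASSERTION_CHECKS = [
    ("Missing Audience element", "saml:Conditions/saml:AudienceRestriction/saml:Audience", None),
    ("Missing OneTimeUse element", "saml:Conditions/saml:OneTimeUse", None),
    ("Missing NotOnOrAfter attribute", "saml:Conditions", "NotOnOrAfter"),
    ("Missing InResponseTo attribute", SCD, "InResponseTo"),
    ("Missing Recipient in SubjectConfirmationData", SCD, "Recipient"),
]

def _missing(elem, path, attr):
    target = elem if path == "." else elem.find(path, NS)
    return target is None or (attr is not None and target.get(attr) is None)

def check_request(xml_text):
    """First table row: the AuthnRequest must carry an Issuer element."""
    root = ET.fromstring(xml_text)
    return [] if root.find("saml:Issuer", NS) is not None else ["Missing Service Provider"]

def check_response(xml_text):
    """Return the names of the passive IdP-side checks that fail on this Response."""
    root = ET.fromstring(xml_text)
    findings = ["Missing Destination attribute"] if _missing(root, ".", "Destination") else []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["Missing Assertion"]
    return findings + [n for n, p, a in ASSERTION_CHECKS if _missing(assertion, p, a)]

# Canonicalization row. Constructed scenario: the attacker enrols at the IdP as
# "alice@example.org.attacker.example", obtains a signed NameID, and splits it
# with an empty XML comment so that a naive reader stops at "alice@example.org".
ORIGINAL_NAMEID = ('<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
                   'alice@example.org.attacker.example</saml:NameID>')
INJECTED_NAMEID = ORIGINAL_NAMEID.replace("example.org.attacker", "example.org<!---->.attacker")

def c14n_digest(xml_text, with_comments):
    """SHA-256 of the canonical form; stands in for a signature's DigestValue."""
    canonical = ET.canonicalize(xml_text, with_comments=with_comments)
    return hashlib.sha256(canonical.encode()).hexdigest()

def digests_match(with_comments):
    """True: the comment-injected NameID still matches the digest of the signed one."""
    return c14n_digest(ORIGINAL_NAMEID, with_comments) == c14n_digest(INJECTED_NAMEID, with_comments)

def first_text_node(xml_text):
    """What an SP reading only firstChild.data sees: the NameID ends at the comment."""
    return minidom.parseString(xml_text).documentElement.firstChild.data

def all_text(xml_text):
    """Safer extraction: concatenate every text child, skipping comment nodes."""
    node = minidom.parseString(xml_text).documentElement
    return "".join(c.data for c in node.childNodes if c.nodeType == minidom.Node.TEXT_NODE)

if __name__ == "__main__":
    print("request findings:", check_request(SAMPLE_REQUEST) or "none")
    print("response findings:", check_response(SAMPLE_RESPONSE))
    for wc in (False, True):
        print(f"with_comments={wc}: injected NameID matches signed digest: {digests_match(wc)}")
    print("firstChild reads:", first_text_node(INJECTED_NAMEID))
    print("all text reads:", all_text(INJECTED_NAMEID))
```

The SP rows of the table (replaying an assertion with an attribute removed, altering RelayState, session fixation) need a live SP and an intercepting proxy, so they are not reproduced here; the presence checks above are the IdP-side half that can be run on captured messages alone.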

## Tool

Micro-Id-Gym has two sides. In the laboratory, it offers an easy way to reproduce a production IdM deployment in a sandbox, where pentesters can gain hands-on experience of how IdM solutions work, carry out high-impact attacks without touching the real system, and better understand the underlying security issues. In the wild, it provides a set of pentesting tools for the automatic security analysis of IdM protocol implementations.

## Demonstration Video

## Download

- Click here to download the tool.