# SAML XML signature wrapping attack bypasses signature validation

- **ID:** `security/saml-xml-signature-wrapping`
- **Domain:** security
- **Category:** protocol_error
- **Verification:** ai_generated
- **Fix Rate:** 85%

## Root Cause

The SAML response contains multiple assertions, but the XML signature only covers a benign assertion; the attacker inserts a malicious assertion that is not signed but is processed by the application due to lax XML parsing logic.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| SAML 2.0 | active | — | — |
| Shibboleth IdP 4.3.0 | active | — | — |
| Okta 2024.01.0 | active | — | — |
| OpenSAML 4.3.0 | active | — | — |

## Workarounds

1. **Enforce that only a single assertion in the SAML response is processed, and that it must be the one covered by the signature.** (90% success)
   Example in Java using OpenSAML:
   ```java
   // Reject any response that does not carry exactly one assertion;
   // the signature check that follows must then cover that assertion.
   if (response.getAssertions().size() != 1) {
       throw new SecurityException("Multiple assertions not allowed");
   }
   ```
2. **Use strict XML schema validation that rejects any unexpected elements or structural changes in the SAML response.** (80% success)
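
The structural part of workaround 1, as an added example that is not part of this card and not OpenSAML code: it parses a constructed SAML Response, rejects anything other than exactly one assertion, and checks that the enveloped signature's `Reference` URI points at that same assertion before the application reads its subject. It assumes assertion-level signing (the case the root cause describes) and leaves the cryptographic verification of the signature to a separate step.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def select_signed_assertion(response_xml: str) -> ET.Element:
    """Return the one assertion that the enveloped signature's Reference covers.

    Raises ValueError for zero/several assertions, several References,
    non-local References, or a Reference to anything but that assertion.
    """
    root = ET.fromstring(response_xml)
    # Search the whole tree: a wrapped assertion may sit anywhere, even nested.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("Multiple assertions not allowed")
    assertion = assertions[0]
    refs = root.findall(".//ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise ValueError("Exactly one signature Reference expected")
    uri = refs[0].get("URI", "")
    if not (uri.startswith("#") and uri[1:] == assertion.get("ID")):
        raise ValueError("Signature does not cover the assertion in use")
    if assertion.find("ds:Signature", NS) is None:
        raise ValueError("Signature must be enveloped in the assertion")
    return assertion

def subject_of(response_xml: str) -> str:
    """Name the application would act on, after the structural checks pass."""
    return select_signed_assertion(response_xml).findtext(
        "saml:Subject/saml:NameID", namespaces=NS)

def _assertion(aid, name, signed):  # constructed test data, not real SAML
    sig = (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{aid}"/>'
           '</ds:SignedInfo></ds:Signature>') if signed else ""
    return (f'<saml:Assertion ID="{aid}"><saml:Subject><saml:NameID>{name}'
            f'</saml:NameID></saml:Subject>{sig}</saml:Assertion>')

def _response(*assertions):  # constructed wrapper, minimal on purpose
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
            + "".join(assertions) + "</samlp:Response>")

# Honest response: one assertion, signed, Reference points at it.
GOOD = _response(_assertion("_a1", "alice", True))
# Wrapped response: an unsigned assertion added beside the signed one.
WRAPPED = _response(_assertion("_x1", "admin", False),
                    _assertion("_a1", "alice", True))
```

`subject_of(GOOD)` yields `alice`, while `subject_of(WRAPPED)` raises before any subject is read; the same rejection applies when the signed assertion is nested inside an unsigned one, since the search covers the whole tree.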

## Dead Ends

- **Only validating the signature on the first assertion in the response** — Attackers can reorder assertions or place the signed assertion anywhere; the application may process a later unsigned assertion. (90% fail)
- **Using a DOM parser without disabling external entity processing** — This doesn't address signature wrapping; the parser still sees all assertions, and signature validation is not enforced on each. (95% fail)
