security
protocol_error
ai_generated
true
SAML XML signature wrapping attack bypasses signature validation
ID: security/saml-xml-signature-wrapping
85% fix rate
87% confidence
Evidence count: 1
First observed: 2023-11-05
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| SAML 2.0 | active | — | — | — |
| Shibboleth IdP 4.3.0 | active | — | — | — |
| Okta 2024.01.0 | active | — | — | — |
| OpenSAML 4.3.0 | active | — | — | — |
Root cause analysis
The XML signature in a SAML Response covers exactly one element, the one named by the ds:Reference URI (normally the ID of a single assertion, or of the Response itself). Signature verification and assertion consumption locate their target independently: the verifier resolves the referenced ID and hashes that element, while the application picks up "the" assertion with an XPath or a first-saml:Assertion lookup. An attacker therefore keeps the signed, benign assertion somewhere in the document so that verification still succeeds, and inserts an unsigned assertion carrying attacker-chosen claims where the application looks. Lax XML handling (no single-assertion rule, no check that the consumed element is the one the signature references, no schema enforcement) lets the unsigned assertion through.
Official documentation
https://wiki.shibboleth.net/confluence/display/OSAML/XML+Signature+Wrapping+Attack
Solution
- Process only a single assertion: reject any Response that contains more than one saml:Assertion anywhere in the tree, and require that the assertion you consume is the element the signature's ds:Reference resolves to (or a direct child of a Response whose own signature was verified). Java with OpenSAML, as a first gate: `if (response.getAssertions().size() != 1) throw new SecurityException("Multiple assertions are not allowed");`
  Caveat: `getAssertions()` lists only the Response's direct Assertion children, so this count alone does not catch a signed original relocated into Advice, Extensions or a ds:Object; the consumed element must still be matched against the signature's reference.
- Apply strict XML schema validation and reject any unexpected element or structural deviation in the Response. Validate the same DOM that is subsequently consumed, not a separately parsed copy.
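The structural checks above, carried out on a constructed SAML Response as an added example (this is not code from the Shibboleth wiki, OpenSAML or any vendor on the list). It uses Python's standard-library XML parser rather than OpenSAML so that it runs offline, and it deliberately stops short of cryptography: the four test documents carry placeholder digest and signature values, and the function decides only which element an XML-DSig library may verify and the application may consume. The names `select_signed_assertion`, `rejection_reason` and the `_evil`/`_a1` IDs are assumptions made for the example.

```python
"""Structural anti-wrapping checks on a SAML 2.0 Response (constructed example).
The XML below is hand-written test data with placeholder signature values; these
checks decide which element may be verified and consumed and complement, not
replace, cryptographic verification by the XML-DSig library."""
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


class WrappingError(Exception):
    """The Response has a shape that a signature wrapping attack relies on."""


def select_signed_assertion(xml_text: str) -> str:
    """Return the ID of the one assertion the application may consume."""
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "Response":
        raise WrappingError("root element is not samlp:Response")
    parent = {child: p for p in root.iter() for child in p}

    # 1. Exactly one saml:Assertion in the whole tree. A top-level-only count
    #    (OpenSAML's response.getAssertions()) misses a signed original hidden
    #    inside Advice, Extensions or ds:Object.
    assertions = list(root.iter(SAML + "Assertion"))
    if len(assertions) != 1:
        raise WrappingError(f"expected exactly 1 assertion, found {len(assertions)}")
    assertion = assertions[0]

    # 2. It must be a direct child of the Response.
    if parent.get(assertion) is not root:
        raise WrappingError("assertion is not a direct child of samlp:Response")

    # 3. IDs must be unique, or a Reference can resolve to an element other
    #    than the one whose digest the verifier checked.
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise WrappingError("duplicate ID attribute in Response")
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise WrappingError("assertion has no ID attribute")

    # 4. An enveloped signature may sit directly under the Assertion or the
    #    Response, and its single Reference must name exactly that element.
    signed = set()
    for holder in (assertion, root):
        sig = holder.find(DS + "Signature")
        if sig is None:
            continue
        refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
        if len(refs) != 1:
            raise WrappingError("signature must carry exactly one Reference")
        uri = refs[0].get("URI", "")
        if uri != "#" + (holder.get("ID") or ""):
            raise WrappingError(f"Reference URI {uri!r} does not name its enclosing element")
        signed.add(holder.get("ID"))
    if not signed:
        raise WrappingError("no enveloped signature on Response or Assertion")
    return assertion_id


def rejection_reason(xml_text: str):
    """None if the Response passes the structural checks, else the reason."""
    try:
        select_signed_assertion(xml_text)
    except WrappingError as exc:
        return str(exc)
    return None


# Constructed test documents: placeholder digests and signature values, no real crypto.
def _signature(ref_id: str) -> str:
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
            f'<ds:Reference URI="#{ref_id}"><ds:DigestValue>PLACEHOLDER</ds:DigestValue>'
            "</ds:Reference></ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>"
            "</ds:Signature>")


def _assertion(aid: str, subject: str, sig_ref: str = "", extra: str = "") -> str:
    return (f'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{aid}" Version="2.0">'
            "<saml:Issuer>https://idp.example</saml:Issuer>" + (_signature(sig_ref) if sig_ref else "")
            + f"<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>{extra}</saml:Assertion>")


_OPEN = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">'
_CLOSE = "</samlp:Response>"
# Legitimate: one assertion for alice, enveloped signature referencing its own ID.
GOOD = _OPEN + _assertion("_a1", "alice", sig_ref="_a1") + _CLOSE
# XSW by reordering: unsigned admin assertion first, signed original second.
WRAPPED = _OPEN + _assertion("_evil", "admin") + _assertion("_a1", "alice", sig_ref="_a1") + _CLOSE
# XSW by nesting: signed original inside the attacker's saml:Advice, so a
# top-level-only count sees one assertion.
HIDDEN = _OPEN + _assertion("_evil", "admin", extra="<saml:Advice>"
                           + _assertion("_a1", "alice", sig_ref="_a1") + "</saml:Advice>") + _CLOSE
# Copied signature block whose Reference still names the removed original.
STOLEN = _OPEN + _assertion("_evil", "admin", sig_ref="_a1") + _CLOSE

if __name__ == "__main__":
    for name, doc in [("GOOD", GOOD), ("WRAPPED", WRAPPED), ("HIDDEN", HIDDEN), ("STOLEN", STOLEN)]:
        print(name, rejection_reason(doc) or f"accepted assertion {select_signed_assertion(doc)}")
```

Run it and only GOOD is accepted; WRAPPED and HIDDEN fail the whole-tree assertion count (the nested case is exactly what a top-level `getAssertions().size()` check lets through), and STOLEN fails because the Reference does not name the element that encloses it. In a real service provider these checks run first, the XML-DSig library then verifies the signature of the element whose ID `select_signed_assertion` returned, and only that element's claims are read.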
Ineffective attempts
Common but ineffective practices:
- Only validating the signature on the first assertion in the response
  90% failure
  The element whose signature is verified and the element whose claims are consumed are located independently, so an attacker can reorder assertions or relocate the signed one: the verifier still finds a valid signature somewhere in the document while the application processes a later (or differently located) unsigned assertion.
- Using a DOM parser without disabling external entity processing
  95% failure
  Parser hardening of this kind concerns XXE, not signature wrapping. Whether or not external entities are disabled, the parser still delivers every assertion in the document, and nothing ensures that the assertion the application consumes is the one the signature covers.