# SAML XML Signature Wrapping Attack Bypasses Signature Verification

- **ID:** `security/saml-xml-signature-wrapping`
- **Domain:** security
- **Category:** protocol_error
- **Verification level:** ai_generated
- **Fix rate:** 85%

## Root Cause

The SAML response contains multiple assertions, but the XML signature covers only a single benign assertion; an attacker inserts an unsigned malicious assertion, which the application processes because of lenient XML parsing logic.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| SAML 2.0 | active | — | — |
| Shibboleth IdP 4.3.0 | active | — | — |
| Okta 2024.01.0 | active | — | — |
| OpenSAML 4.3.0 | active | — | — |

## Solutions

1. Process only the first (or the single) assertion in the SAML response, and require that it be the one covered by the signature. Example in Java with OpenSAML: `if (response.getAssertions().size() != 1) throw new SecurityException("Multiple assertions are not allowed");`
2. Apply strict XML schema validation and reject any unexpected element or structural change in the SAML response.
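
The two solutions above combined into one structural pre-check, as an added example (not code from the original page or from OpenSAML): before any cryptographic verification, the relying party requires exactly one `Assertion` anywhere in the document, a unique `ID` on it, and an enveloped `Signature` whose single `Reference` points at that `ID`. The sample responses, element names `HEADER`/`SIGNED_A1`/`UNSIGNED_A2` and the placeholder `SignatureValue` are constructed for the demonstration; the cryptographic check itself is out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ASSERTION_TAG = "{%s}Assertion" % NS["saml"]

def select_signed_assertion(response_xml: str) -> ET.Element:
    """Structural checks to pass before cryptographic signature verification.
    Returns the one Assertion the enveloped Signature references, else raises."""
    root = ET.fromstring(response_xml)
    # Count Assertion elements anywhere in the tree, not only direct children:
    # wrapping hides the signed original under an unexpected parent (e.g. Extensions).
    assertions = list(root.iter(ASSERTION_TAG))
    if len(assertions) != 1:
        raise ValueError("exactly one Assertion required, found %d" % len(assertions))
    assertion = assertions[0]
    if assertion not in list(root):
        raise ValueError("Assertion must be a direct child of Response")
    assertion_id = assertion.get("ID")
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if not assertion_id or ids.count(assertion_id) != 1:
        raise ValueError("Assertion ID missing or duplicated in document")
    sig = assertion.find("ds:Signature", NS)
    refs = [] if sig is None else sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1 or refs[0].get("URI") != "#" + assertion_id:
        raise ValueError("no Signature whose single Reference points at this Assertion")
    return assertion

def subject_of(response_xml: str):
    """NameID of the accepted Assertion, or None when the response is rejected."""
    try:
        assertion = select_signed_assertion(response_xml)
    except ValueError:
        return None
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)

# Constructed sample responses; SignatureValue is a placeholder, not a real signature.
HEADER = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="r1">'
          % (NS["samlp"], NS["saml"], NS["ds"]))
SIGNED_A1 = ('<saml:Assertion ID="a1"><saml:Subject><saml:NameID>alice</saml:NameID>'
             '</saml:Subject><ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/>'
             '</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
             '</ds:Signature></saml:Assertion>')
LEGIT_RESPONSE = HEADER + SIGNED_A1 + "</samlp:Response>"
# Wrapped variant: signed original moved under Extensions, unsigned Assertion added at top level.
UNSIGNED_A2 = ('<saml:Assertion ID="a2"><saml:Subject><saml:NameID>admin</saml:NameID>'
               '</saml:Subject></saml:Assertion>')
WRAPPED_RESPONSE = (HEADER + "<samlp:Extensions>" + SIGNED_A1 + "</samlp:Extensions>"
                    + UNSIGNED_A2 + "</samlp:Response>")
```

`subject_of(LEGIT_RESPONSE)` yields `alice`, while the wrapped response is rejected before the attacker-controlled `admin` subject is ever read.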

## Ineffective Attempts

- **Only validating the signature on the first assertion in the response** — Attackers can reorder assertions or place the signed assertion anywhere; the application may process a later unsigned assertion. (90% failure rate)
- **Using a DOM parser without disabling external entity processing** — This doesn't address signature wrapping; the parser still sees all assertions, and signature validation is not enforced on each. (95% failure rate)
