Closed cmunky closed 3 years ago
This PR adds test cases for documented XML Signature Wrapping exploits
During the course of our SAML security audit, we came across a blog post identifying several specific XSW exploits.
We followed up on this and attempted each exploit ourselves using available tools.
As a result of this work, we wrote test cases to ensure these exploits continue to return the expected exceptions.
We based these test cases on the libraries provided by the SAML Raider extension.
We felt that these test cases may also be beneficial to other users of the Sustainsys SAML libraries.
Any chance of getting this merged?
This is the kind of PR that gets an OSS maintainer very very happy.