Recent security findings unveiled a possible attack on the SAML framework. The attack relies on the fact that XML canonicalization ignores comments inside XML documents. Because of this, a <!-- comment --> can be added inside a subject or attribute value. It seems that many XML parsing libraries split up the value if this tag is present.
We tested the SAML handling in Trustbuilder and verified that we are not vulnerable to this attack. However, we found one small caveat: if the IDP sends in an assertion with a comment tag, we will propagate the comment tag to the SAML SP as well.
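
The value splitting described above, shown with Python's xml.dom.minidom as an added example (not Trustbuilder code). The sample NameID value and all function names are constructed for illustration, and the stripping step assumes the outgoing assertion is signed after the comments are removed.

```python
from xml.dom import minidom, Node

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample: a NameID whose value contains an XML comment.
SAMPLE = (
    f'<saml:Subject xmlns:saml="{SAML_NS}">'
    "<saml:NameID>alice<!-- c -->@example.org</saml:NameID>"
    "</saml:Subject>"
)

def name_id(doc):
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]

def first_text_node(elem):
    """Fragile read: returns only the text before the first comment."""
    child = elem.firstChild
    if child is not None and child.nodeType == Node.TEXT_NODE:
        return child.data
    return ""

def full_text(elem):
    """Robust read: join all text descendants, skipping comment nodes."""
    parts = []
    for node in elem.childNodes:
        if node.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            parts.append(node.data)
        elif node.nodeType == Node.ELEMENT_NODE:
            parts.append(full_text(node))
    return "".join(parts)

def count_comments(node):
    """Detection: number of comment nodes anywhere under node."""
    own = 1 if node.nodeType == Node.COMMENT_NODE else 0
    return own + sum(count_comments(c) for c in node.childNodes)

def strip_comments(node):
    """Remove comment nodes so they are not forwarded to the SP."""
    for child in list(node.childNodes):
        if child.nodeType == Node.COMMENT_NODE:
            node.removeChild(child)
        else:
            strip_comments(child)
    node.normalize()  # merge the text nodes the comment had separated

if __name__ == "__main__":
    doc = minidom.parseString(SAMPLE)
    print(first_text_node(name_id(doc)), full_text(name_id(doc)), count_comments(doc))
    strip_comments(doc)
    print(first_text_node(name_id(doc)), count_comments(doc))
```

A non-zero `count_comments` result on an incoming assertion is a useful signal to log or reject on, since legitimate IDPs rarely place comments inside subject or attribute values.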