saml
SAML authentication, XML signatures, SSO testing.
Load with: use saml
Quick example
use saml
result = samlp("value")
prn(result)
Functions
SAML message parsing
samlp(saml_xml)
Performs the operation. Takes saml_xml.
samlp1(b64_saml)
Performs the operation. Takes b64_saml.
AuthnRequest generation
samla(issuer, destination, acs_url, name_id_format)
Performs the operation. Takes issuer, destination, acs_url, name_id_format.
Response generation
samlr(assertion_id, issuer, subject, recipient, attributes)
Performs the operation. Takes assertion_id, issuer, subject, recipient, attributes.
XML Signature
samls(xml, key, cert)
Lists items. Takes xml, key, cert.
samlv(signed_xml)
Performs the operation. Takes signed_xml.
Signature wrapping attacks
samlw(signed_response, evil_assertion)
Performs the operation. Takes signed_response, evil_assertion.
samlc(signed_xml)
Performs the operation. Takes signed_xml.
XXE in SAML
samlx(dtd_url)
Performs the operation. Takes dtd_url.
Metadata parsing
samlm(metadata_xml)
Returns limits or constraints. Takes metadata_xml.
IDP/SP configuration
samll(metadata_dir)
Performs the operation. Takes metadata_dir.
SSO flow testing
samls1(idp_url, sp_acs_url, username, password)
Performs the operation. Takes idp_url, sp_acs_url, username, password.
Assertion manipulation
samli(signed_assertion, extra_attrs)
Performs the operation. Takes signed_assertion, extra_attrs.
RelayState attacks
samlr1(relay_state)
Performs the operation. Takes relay_state.
Certificate extraction
samlg(metadata)
Performs the operation. Takes metadata.
Encrypted assertion
samle(assertion, cert)
Performs the operation. Takes assertion, cert.
decry(encrypted, key)
Performs the operation. Takes encrypted, key.
Conditions bypass
samlr2(assertion)
Performs the operation. Takes assertion.
Audience restriction bypass
samla1(assertion)
Performs the operation. Takes assertion.
Notes
- SAML 2.0: SSO authentication, assertion parsing.