ETAA2020.md

title	paper	people	peopleOrder
Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory	ETAA2020_MIG	AndreaBisegna RobertoCarbone GiulioPellizzari SilvioRanise	surname

{% include toc.md %}

SAML Tests

In Section 3.1 of the paper we mentioned a list of SAML tests. The table below reports all the tests that the Pentesting tool perform in SAML implementations.

Security Test	Prot.	Provider	P/A	Description	Mitigation
Missing Service Provider	S	IdP	P	Check whether the Issuer element is present in the SAML request.	Configure the IdP to accept only SAML request with Issuer attribute.
Missing Audience element	S	IdP	P	Check whether the Audience element is present in the SAML assertion.	Configure the IdP to include Audience element in the SAML assertion.
Missing OneTimeUse attribute	S	IdP	P	Check whether OneTimeUse attribute is present in the SAML assertion.	Configure the IdP to include OneTimeUse attribute in the SAML assertion.
Missing NotOnOrAfter attribute	S	IdP	P	Check whether NotOnOrAfter attribute is present in the SAML assertion.	Configure the IdP to include NotOnOrAfter attribute in the SAML assertion.
Missing InResponseTo attribute	S	IdP	P	Check whether InResponseTo attribute is present in the SAML assertion.	Configure the IdP to include InResponseTo attribute in the SAML assertion.
Missing Recipient in SubjectConfirmationData	S	IdP	P	Check whether Recipient attribute is present in the SAML assertion.	Configure the IdP to include Recipient attribute in SubjectConfirmationData element of SAML assertion.
Missing check on Recipient element	S	SP	P	Check whether the Recipient attribute is present in the SAML assertion.	Configure the Client to accept only SAML assertions with Recipient attribute.
Missing check on the InResponseTo attribute	S	SP	P	Check whether the InResponseTo attribute is present in the SAML assertion.	Configure the Client to accept only SAML assertions with InResponseTo attribute.
Missing check on NotOnOrAfter attribute	S	SP	P	Check whether the NotOnOrAfter attribute is present in the SAML assertion.	Configure the Client to accept only SAML assertions with NotOnOrAfter attribute.
Missing check on Destination element	S	SP	P	Check whether the Destination element is present in the SAML assertion.	Configure the Client to accept only SAML assertions with Destination element.
Missing OneTimeUse attribute	S	SP	P	Check whether the OneTimeUse attribute is present in the SAML assertion.	Configure the Client to accept only SAML assertions with OneTimeUse attribute.
Missing check on Audience element	S	SP	P	Check whether the Audience element is present in the SAML assertion.	Configure the Client to accept only SAML assertions with Audience element.
Alteration of the Relay State parameter	S	SP	A	Changes value of Relay State parameter.	Configure the Sanitize the value of Relay State parameter.
Session Fixation	S	SP	A	Check whether the implementation suffers the session vulnerability.	Handle properly the user sessions.
Missing check on Canonicalization algorithm	S	Any	P	Check if the Canonicalization algorithm used by the XML parser encode also comments.	Change XML parser Canonicalization algorithm to one that includes comments.

Tool

Micro-Id-Gym offers on the one hand (in the laboratory) an easy way to configure the production environment in a sandbox where pentesters can develop hands-on experiences on how IdM solutions work, by performing attacks with high impacts and better understand the underlying security issues. On the other hand (in the wild) a set of pentesting tools for the automatic security analysis of IdM protocols are provided.

Demonstration Video

<iframe src="https://drive.google.com/file/d/1CnnTvWeKg4b7MXxcXH1X4rpy5H1KnLBC/preview" ></iframe>

<iframe src="https://drive.google.com/file/d/1pntNiuMDh1_RuJVcdme9EigxZCLJavuz/preview" ></iframe>

Download

• Click here to download the tool.