Vulnarex | Elite Cybersecurity Learning Platform

#The Cryptographic Seal of XML#link

In a SAML flow, the assertion is passed through the user's browser. Because the browser is an untrusted environment, the SP must have a way to guarantee that the assertion was not modified. This is achieved through XML-DSig (Digital Signatures) and XML-Enc (Encryption).

XML Digital Signatures (XML-DSig)

Unlike a simple HMAC, XML-DSig allows for 'partial' signing. The IdP can sign the entire assertion, or just specific elements. The SP uses the IdP's public key (from the metadata) to verify the signature.

callout

The signature is not just a hash; it's a complex structure that defines which parts of the XML were signed (C14N - Canonicalization).

xml

<ds:Signature xmlns:ds="http://www.w3.org/2000/09-10/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="...C14N" />
    <ds:SignatureMethod Algorithm="...RSA-SHA256" />
    <ds:Reference URI="#_assertion_id">
      <ds:DigestMethod Algorithm="...SHA256" />
      <ds:DigestValue>aB3...xY9</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>M1z...pL0</ds:SignatureValue>
</ds:Signature>

Canonicalization (C14N) is critical. Since XML can have different spacing or attribute orders but remain logically identical, C14N 'standardizes' the XML before hashing it, ensuring the signature doesn't break due to a stray newline.

Assertion Encryption (XML-Enc)

info

💡 Signing provides *Integrity* (it wasn't changed), but Encryption provides *Confidentiality* (it can't be read).

Detecting Encrypted Assertions

root@vulnarex:~#grep "EncryptedAssertion" saml_capture.xml

When an assertion is encrypted, the IdP uses the SP's public key to encrypt the data. Only the SP, possessing the corresponding private key, can decrypt and read the user's attributes.

Feature	SAML Signing	SAML Encryption
Goal	Integrity & Authenticity	Confidentiality
Key Used	IdP Private Key $ o$ SP Public Key	SP Public Key $ o$ SP Private Key
Visibility	Content is plaintext, signature is verified	Content is ciphertext, only SP can read
Attack Risk	Signature Wrapping (XSW)	Key Leakage

The Implementation Trap

STRICT SECURE AUDIT RULE

A critical error is verifying the signature of the *assertion* but not the signature of the *response* (or vice versa), which can lead to assertion injection.

▪Ensure the signature is wrapped around the entire SAML Response
▪Use strong algorithms (RSA-SHA256 or better)
▪Strictly enforce C14N standards
▪Rotate signing keys every 12-24 months

STRICT SECURE AUDIT RULE

Never use the 'None' algorithm for signatures. Always require a valid, trusted certificate from the IdP metadata.

quiz BLOCK (★ 50 XP)

What is the purpose of 'Canonicalization' (C14N) in SAML signing?

Select your proof vectors above

challenge BLOCK (★ 100 XP)

The Encryption Gap