Environment-bound SAML assertions: A fresh approach to enhance the security of SAML assertions


Abstract

SAML plays an important role in authentication and authorization scenarios. People have paid much attention to its security, and have found that major SAML applications have critical vulnerabilities, including XML signature wrapping (XSW) vulnerabilities and SAML assertion eavesdropping vulnerabilities. The countermeasures now available cannot address these two types of problems simultaneously, and always require a large change to the server modules. In this paper, we propose to break this stalemate by presenting a fresh approach to SAML. A key cause of XSW and SAML assertion eavesdropping is that SAML assertions can be verified independently of the environment related to them. So we present an improved version of SAML (environment-bound SAML) that provides SAML assertions with the ability to defeat XSW and SAML assertion eavesdropping by binding SAML assertions to their environment, while keeping deployment overhead tiny. To ensure the integrity of the binding relationship, we present the Master-Slave signature (MSS) scheme to replace the original signature scheme. We implement our scheme in OpenSAML, and provide a performance evaluation of this implementation.

Cite

Chen, K., Lin, D., Yan, L., & Sun, X. (2014). Environment-bound SAML assertions: A fresh approach to enhance the security of SAML assertions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8567, pp. 361–376). Springer Verlag. https://doi.org/10.1007/978-3-319-12087-4_23
