Module Todo: OAUTH / OIDC / SAML Detection #2095
TheTechromancer
started this conversation in
Module Requests
Replies: 1 comment
Added in #603
EDIT: module checklist
Security Assertion Markup Language (SAML) does have some standardized endpoints and features that could help you identify a SAML implementation, but it's a bit more complex and not as straightforward as OAuth or OpenID Connect.

Here are a few indications:

- **Metadata URL:** SAML has a concept of metadata exchange, where the Identity Provider (IdP) and the Service Provider (SP) share information about themselves. This metadata is often exchanged via URLs, and it's common to see URLs like `https://<IdP or SP URL>/metadata`, or `/FederationMetadata/2007-06/FederationMetadata.xml` for Microsoft ADFS.
- **SSO URL:** The URL where the SAML Response and Assertion are posted to. This is typically at a location like `https://<SP URL>/sso/saml` or something similar.
- **SLO URL:** The URL where the Logout Request or Response is posted to. This is typically at a location like `https://<SP URL>/slo/saml` or something similar.
- **ACS URL:** Assertion Consumer Service URL, which is where the SAML assertion is sent after the user has been authenticated. In the case of SP-initiated SSO, the ACS URL will be specified in the SAML request.

Note that these are just common patterns, but they aren't standardized or required like in OAuth or OpenID Connect. SAML endpoints can technically be at any URL, and the naming or structure of these URLs can differ greatly between different implementations. Therefore, it's not as simple to automatically detect a SAML implementation as it is with OAuth or OpenID Connect.

It's also worth noting that just because these URLs exist doesn't necessarily mean SAML is being used - it could just be a misconfiguration or a leftover from a previous implementation. The best way to definitively determine if SAML is being used is to inspect the network traffic and look for SAML requests/responses. SAML messages are typically XML and have a distinctive format.
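The following is an added illustration of the distinction the post draws, not bbot module code and not part of the original discussion: it treats the common endpoint paths as weak hints only, and treats a parsed SAML 2.0 metadata document (`EntityDescriptor` with its `AssertionConsumerService` / `SingleLogoutService` endpoints) or an actual `SAMLRequest` / `SAMLResponse` in a query string or POST form as protocol evidence. The metadata document, form body and `*.example.test` URLs are constructed sample inputs; the function names are this example's own. Production code parsing untrusted XML should use `defusedxml` rather than the stdlib parser used here for self-containment.

```python
"""Added example: classify HTTP observations as SAML evidence, separating
path hints (non-standardized, per the discussion) from protocol evidence."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Common but non-standardized path patterns listed in the post (hints only).
PATH_HINTS = (
    "/metadata",
    "/federationmetadata/2007-06/federationmetadata.xml",
    "/sso/saml",
    "/slo/saml",
)

# Hidden form fields that carry SAML messages in the HTTP-POST binding.
FORM_FIELD_RE = re.compile(r'name=["\'](SAMLRequest|SAMLResponse)["\']')


def path_hint(url):
    """Return the matching common path, or None. This is a hint only."""
    path = urlparse(url).path.lower().rstrip("/")
    for hint in PATH_HINTS:
        if path.endswith(hint):
            return hint
    return None


def parse_saml_metadata(xml_text):
    """Parse a SAML 2.0 metadata document. Returns None if the text is not
    one, else a dict with the entityID, roles (SP/IDP) and endpoints
    (element name, binding, location), e.g. the ACS and SLO URLs."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag not in (f"{{{SAML_MD_NS}}}EntityDescriptor",
                        f"{{{SAML_MD_NS}}}EntitiesDescriptor"):
        return None
    info = {"entity_id": root.get("entityID"), "roles": [], "endpoints": []}
    for elem in root.iter():
        local = elem.tag.rsplit("}", 1)[-1]
        if local in ("SPSSODescriptor", "IDPSSODescriptor"):
            info["roles"].append(local[:-len("SSODescriptor")])
        elif local.endswith("Service") and elem.get("Location"):
            info["endpoints"].append(
                (local, elem.get("Binding", ""), elem.get("Location")))
    return info


def saml_message_params(url, body=""):
    """Detect a SAML message in flight: SAMLRequest/SAMLResponse as a query
    parameter (HTTP-Redirect binding) or a hidden form field (HTTP-POST)."""
    found = set()
    qs = parse_qs(urlparse(url).query)
    found.update(n for n in ("SAMLRequest", "SAMLResponse") if n in qs)
    found.update(m.group(1) for m in FORM_FIELD_RE.finditer(body))
    return sorted(found)


def classify(url, body="", content_type=""):
    """Verdict plus evidence: 'confirmed' when metadata or a SAML message was
    seen, 'hint' when only a common path matched, 'none' otherwise."""
    evidence = []
    if "xml" in content_type.lower() or body.lstrip().startswith("<"):
        md = parse_saml_metadata(body)
        if md:
            evidence.append(("metadata", md))
    msgs = saml_message_params(url, body)
    if msgs:
        evidence.append(("message", msgs))
    if evidence:
        return "confirmed", evidence
    hint = path_hint(url)
    if hint:
        return "hint", [("path", hint)]
    return "none", []


# Constructed sample inputs (not captured from any real deployment).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/slo/saml"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sso/saml" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

SAMPLE_POST_FORM = ('<form method="post" action="https://sp.example.test/sso/saml">'
                    '<input type="hidden" name="SAMLResponse" value="PHNhbWxwOlJlc3BvbnNlLz4="/>'
                    '</form>')

if __name__ == "__main__":
    print(classify("https://sp.example.test/metadata", SAMPLE_METADATA, "application/xml"))
    print(classify("https://idp.example.test/sso", SAMPLE_POST_FORM, "text/html"))
    print(classify("https://app.example.test/metadata", "{}", "application/json"))
```

A `/metadata` path that serves JSON lands in the `hint` bucket, matching the post's point that a suggestive URL alone is not proof; only a parsed `EntityDescriptor` or a real SAML message promotes the finding to `confirmed`.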