Sudarshan Tanuku

Reputation: 191

SAML2 Token Replay Validation

I've created an Issue on the Github repo: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/issues/72

Although there is a DetectReplayedTokens config setting that gets into the TokenValidationParameters, the default behavior for token replay validation is to bypass the validation if there are no validators and no token replay cache is set.

However there is no way the code lets you set those values, they are not exposed anywhere.

// Replay validation only runs when DetectReplayedTokens has set ValidateTokenReplay = true.
// The shared validator then skips the check silently when TokenValidationParameters carries
// neither a TokenReplayValidator nor a TokenReplayCache.
if (TokenValidationParameters.ValidateTokenReplay)
{
    ValidateTokenReplay(saml2SecurityToken.Assertion.Conditions.NotBefore, tokenString, TokenValidationParameters);
}

There is no way I could set the replay cache or validator in the TokenValidationParameters as it is not exposed anywhere. So, the DetectReplayedTokens setting is not of much help.

This method in SAML2Request.cs needs an update?

public static Saml2IdentityConfiguration GetIdentityConfiguration(Saml2Configuration config)

Thanks for your work on the library and any insight into this issue.

Upvotes: 1

Views: 315
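The following is an added example, not code from the question or from ITfoxtec.Identity.Saml2, showing what the underlying Microsoft.IdentityModel replay check needs in order to do anything: a `TokenReplayCache` on the `TokenValidationParameters` alongside `ValidateTokenReplay = true`. It uses the public `Validators.ValidateTokenReplay` helper from Microsoft.IdentityModel.Tokens directly, with a constructed token string and a hypothetical in-memory `ITokenReplayCache`; it assumes the Microsoft.IdentityModel.Tokens package is referenced. Without the cache, the same call returns without error on the second presentation of the token, which is the bypass the question describes.

```csharp
using System;
using System.Collections.Concurrent;
using Microsoft.IdentityModel.Tokens;

// Hypothetical in-memory replay cache (example code, not part of the library).
// Validators.ValidateTokenReplay calls TryFind first and throws
// SecurityTokenReplayDetectedException if the token is already present,
// then calls TryAdd to remember the token until its expiry.
public sealed class InMemoryTokenReplayCache : ITokenReplayCache
{
    private readonly ConcurrentDictionary<string, DateTime> _seen = new();

    public bool TryAdd(string securityToken, DateTime expiresOn)
    {
        Purge();
        return _seen.TryAdd(securityToken, expiresOn.ToUniversalTime());
    }

    public bool TryFind(string securityToken)
    {
        Purge();
        return _seen.ContainsKey(securityToken);
    }

    // Drop expired entries so the cache does not grow without bound.
    private void Purge()
    {
        var now = DateTime.UtcNow;
        foreach (var entry in _seen)
        {
            if (entry.Value <= now)
                _seen.TryRemove(entry.Key, out _);
        }
    }
}

public static class ReplayProtectionExample
{
    // Parameters that actually enforce replay detection: the flag alone is not enough.
    public static TokenValidationParameters WithCache(ITokenReplayCache cache) =>
        new TokenValidationParameters
        {
            ValidateTokenReplay = true,
            TokenReplayCache = cache,
        };

    // Parameters equivalent to what the question reports: flag set, no cache, no validator.
    public static TokenValidationParameters FlagOnly() =>
        new TokenValidationParameters { ValidateTokenReplay = true };

    // Returns true if the second presentation of the same token is rejected.
    public static bool SecondPresentationRejected(TokenValidationParameters parameters)
    {
        // Constructed stand-in for the serialized assertion the handler would pass.
        const string token = "constructed-assertion-id-1";
        var expiresOn = DateTime.UtcNow.AddMinutes(5);

        Validators.ValidateTokenReplay(expiresOn, token, parameters); // first use: accepted
        try
        {
            Validators.ValidateTokenReplay(expiresOn, token, parameters); // replay attempt
            return false;
        }
        catch (SecurityTokenReplayDetectedException)
        {
            return true;
        }
    }

    public static void Main()
    {
        Console.WriteLine("with cache: rejected = " +
            SecondPresentationRejected(WithCache(new InMemoryTokenReplayCache())));
        Console.WriteLine("flag only:  rejected = " +
            SecondPresentationRejected(FlagOnly()));
    }
}
```

The `TokenReplayValidator` delegate on `TokenValidationParameters` is the other hook the validator consults, and it takes precedence over the cache when set; either one has to be reachable from the library's configuration for DetectReplayedTokens to have an effect. A production cache should be shared across instances (for example a distributed cache keyed on the assertion ID) so that replays against a different node are caught as well.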

Answers (1)

Anders Revsgaard

Reputation: 4334

Currently working on a fix, please see https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/issues/72

Upvotes: 1
