Commit e8387879 authored by Pavel Břoušek

feat: authorization

parent d3ce889c
1 merge request: !2 authorization
......@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that
Run against one target:
```sh
nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \
nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
-duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30
```
or using docker:
```sh
docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \
docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
-duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30
```
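Review bot: in both the native and the docker invocation the bearer token is passed as a literal command-line argument (`-V "AUTHORIZATION=AUTHORIZATION_HERE"`), so the real value ends up in shell history and is visible in process listings to other users on the host; consider documenting an environment-variable form such as `-V "AUTHORIZATION=Bearer $TOKEN"` (keeps it out of history, though still visible in `ps`) and note that the value must include the `Bearer ` scheme prefix, since the template inserts `{{AUTHORIZATION}}` into the header verbatim.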
......@@ -53,6 +53,7 @@ where
* `ACS_URL_HERE` is the assertion consumer service endpoint URL
* `ENTITY_ID_HERE` is the entity ID of the SP
* `AUTHORIZATION_HERE` is the authorization header, e.g. `Bearer abcd...789`
It is expected that the SP will return HTTP code 200/302/303 on success
and a different HTTP code on failure (e.g. when SAML response is not signed).
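Review bot: the new bullet says only "the authorization header" but not which service it authenticates against; the template sends it to the conformance IdP (`Authorization: {{AUTHORIZATION}}` on the setup and SSOService requests), not to the SP under test, so the README should state that the token is for the conformance IdP, where an operator obtains it, and that the scheme prefix (`Bearer `) is part of the value rather than added by the template.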
......@@ -5,6 +5,7 @@ info:
severity: high
tags: saml
variables:
AUTHORIZATION: "Bearer abcd...789"
CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org
TEST_CASES:
- noSignature
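Review bot: giving `AUTHORIZATION` a real-looking default (`"Bearer abcd...789"`) means a run that forgets `-V AUTHORIZATION=...` silently sends an invalid token to the IdP and fails only with an HTTP error that is hard to tell apart from a genuine negative test result; prefer an empty default or an obviously fake value such as `REPLACE_ME`, and mention in the `info` block that the variable must be supplied at run time.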
......@@ -27,11 +28,13 @@ http:
@Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
POST /module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}} HTTP/1.1
Host: {{CONFORMANCE_IDP_HOSTNAME}}
Authorization: {{AUTHORIZATION}}
- |
@Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
GET /saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}} HTTP/1.1
Host: {{CONFORMANCE_IDP_HOSTNAME}}
Authorization: {{AUTHORIZATION}}
disable-path-automerge: true
extractors:
- type: xpath
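Review bot: the header is now attached to the browser-facing `GET /saml2/idp/SSOService.php` request as well as to the setup call; worth confirming that the IdP actually requires it there, and that redirect handling for this request (not visible in the hunk) does not replay the `Authorization` header to the SP's ACS, since the token is intended for `{{CONFORMANCE_IDP_HOSTNAME}}` only.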