From e838787957758154e0a118c415872b1306eacb05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ou=C5=A1ek?= <brousek@ics.muni.cz>
Date: Wed, 21 Feb 2024 10:27:58 +0100
Subject: [PATCH] feat: authorization

---
 README.md                      | 5 +++--
 nuclei-templates/saml-raw.yaml | 3 +++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 00293cc..8c35b77 100644
--- a/README.md
+++ b/README.md
@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that
 Run against one target:
 
 ```sh
-nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \
+nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
     -duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30
 ```
 
 or using docker:
 
 ```sh
-docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \
+docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
     -duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30
 ```
 
@@ -53,6 +53,7 @@ where
 
 * `ACS_URL_HERE` is the assertion consumer service endpoint URL
 * `ENTITY_ID_HERE` is the entity ID of the SP
+* `AUTHORIZATION_HERE` is the authorization header, e.g. `Bearer abcd...789`
 
 It is expected that the SP will return HTTP code 200/302/303 on success
 and a different HTTP code on failure (e.g. when SAML response is not signed).
diff --git a/nuclei-templates/saml-raw.yaml b/nuclei-templates/saml-raw.yaml
index 18e1873..28124b1 100644
--- a/nuclei-templates/saml-raw.yaml
+++ b/nuclei-templates/saml-raw.yaml
@@ -5,6 +5,7 @@ info:
   severity: high
   tags: saml
 variables:
+  AUTHORIZATION: "Bearer abcd...789"
   CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org
   TEST_CASES:
     - noSignature
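Review bot: The default `AUTHORIZATION: "Bearer abcd...789"` under `variables:` means a run that omits `-V "AUTHORIZATION=..."` still sends a dummy bearer token in the two `Authorization: {{AUTHORIZATION}}` request lines added in the next hunk. A missing credential would then presumably surface only as an authentication failure from the conformance IdP rather than as an obvious configuration error. A checked-in default shaped like a token also invites pasting a real one into the template, where it can end up committed. I would add a comment above the key, `# placeholder only - pass the real value with -V "AUTHORIZATION=..." and never commit a token here`, and use a value that cannot be mistaken for a credential, e.g. `AUTHORIZATION: "AUTHORIZATION_HERE"` to match the README. The `variables:` mapping continues past the end of this hunk.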
@@ -27,11 +28,13 @@ http:
         @Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
         POST /module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}} HTTP/1.1
         Host: {{CONFORMANCE_IDP_HOSTNAME}}
+        Authorization: {{AUTHORIZATION}}
 
       - |
         @Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
         GET /saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}} HTTP/1.1
         Host: {{CONFORMANCE_IDP_HOSTNAME}}
+        Authorization: {{AUTHORIZATION}}
     disable-path-automerge: true
     extractors:
       - type: xpath
-- 
GitLab