Skip to content
Snippets Groups Projects
Commit e8387879 authored by Pavel Břoušek's avatar Pavel Břoušek
Browse files

feat: authorization

parent d3ce889c
No related branches found
No related tags found
1 merge request!2authorization
Hide whitespace changes
Inline Side-by-side
README.md
+ 3
2
View file @ e8387879
...@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that ...@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that
Run against one target: Run against one target:
```sh ```sh
nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \ nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
-duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30 -duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30
``` ```
or using docker: or using docker:
```sh ```sh
docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \ docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
-duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30 -duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30
``` ```
...@@ -53,6 +53,7 @@ where ...@@ -53,6 +53,7 @@ where
* `ACS_URL_HERE` is the assertion consumer service endpoint URL * `ACS_URL_HERE` is the assertion consumer service endpoint URL
* `ENTITY_ID_HERE` is the entity ID of the SP * `ENTITY_ID_HERE` is the entity ID of the SP
* `AUTHORIZATION_HERE` is the authorization header, e.g. `Bearer abcd...789`
It is expected that the SP will return HTTP code 200/302/303 on success It is expected that the SP will return HTTP code 200/302/303 on success
and a different HTTP code on failure (e.g. when SAML response is not signed). and a different HTTP code on failure (e.g. when SAML response is not signed).
......
nuclei-templates/saml-raw.yaml
+ 3
0
View file @ e8387879
...@@ -5,6 +5,7 @@ info: ...@@ -5,6 +5,7 @@ info:
severity: high severity: high
tags: saml tags: saml
variables: variables:
AUTHORIZATION: "Bearer abcd...789"
CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org
TEST_CASES: TEST_CASES:
- noSignature - noSignature
...@@ -27,11 +28,13 @@ http: ...@@ -27,11 +28,13 @@ http:
@Host: https://{{CONFORMANCE_IDP_HOSTNAME}} @Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
POST /module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}} HTTP/1.1 POST /module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}} HTTP/1.1
Host: {{CONFORMANCE_IDP_HOSTNAME}} Host: {{CONFORMANCE_IDP_HOSTNAME}}
Authorization: {{AUTHORIZATION}}
- | - |
@Host: https://{{CONFORMANCE_IDP_HOSTNAME}} @Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
GET /saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}} HTTP/1.1 GET /saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}} HTTP/1.1
Host: {{CONFORMANCE_IDP_HOSTNAME}} Host: {{CONFORMANCE_IDP_HOSTNAME}}
Authorization: {{AUTHORIZATION}}
disable-path-automerge: true disable-path-automerge: true
extractors: extractors:
- type: xpath - type: xpath
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment