Commit ef71c251 authored by Pavel Břoušek's avatar Pavel Břoušek

Merge branch 'authorization' into 'main'

authorization

See merge request !2
parents d3ce889c e8387879
...@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that ...@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that
Run against one target: Run against one target:
```sh ```sh
nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \ nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
-duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30 -duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30
``` ```
or using docker: or using docker:
```sh ```sh
docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" \ docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
-duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30 -duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30
``` ```
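Review bot: Both new command lines pass the bearer token as a plain `-V "AUTHORIZATION=AUTHORIZATION_HERE"` argument, which leaves the secret in shell history and in the process list (and, for the docker variant, in `docker inspect` output). Suggest documenting a form that takes it from the environment at invocation, e.g. `-V "AUTHORIZATION=$AUTHORIZATION"`, so the token value is never typed into the command line itself.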
...@@ -53,6 +53,7 @@ where ...@@ -53,6 +53,7 @@ where
* `ACS_URL_HERE` is the assertion consumer service endpoint URL * `ACS_URL_HERE` is the assertion consumer service endpoint URL
* `ENTITY_ID_HERE` is the entity ID of the SP * `ENTITY_ID_HERE` is the entity ID of the SP
* `AUTHORIZATION_HERE` is the authorization header, e.g. `Bearer abcd...789`
It is expected that the SP will return HTTP code 200/302/303 on success It is expected that the SP will return HTTP code 200/302/303 on success
and a different HTTP code on failure (e.g. when SAML response is not signed). and a different HTTP code on failure (e.g. when SAML response is not signed).
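Review bot: The new bullet calls `AUTHORIZATION_HERE` "the authorization header", but the template substitutes it after `Authorization: `, so what is expected is the header value only (scheme plus token), and the bullet should also say which service it authenticates to, since `ACS_URL_HERE` and `ENTITY_ID_HERE` describe the SP while this token is sent to the conformance IdP. Suggest: "`AUTHORIZATION_HERE` is the value of the `Authorization` header sent to the conformance IdP, e.g. `Bearer abcd...789`", plus a sentence on where the token is obtained.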
......
...@@ -5,6 +5,7 @@ info: ...@@ -5,6 +5,7 @@ info:
severity: high severity: high
tags: saml tags: saml
variables: variables:
AUTHORIZATION: "Bearer abcd...789"
CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org
TEST_CASES: TEST_CASES:
- noSignature - noSignature
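Review bot: The default `AUTHORIZATION: "Bearer abcd...789"` is a placeholder credential baked into the template, so a run that omits `-V AUTHORIZATION=...` will send an invalid bearer token rather than failing fast, and a placeholder of that shape invites someone to replace it with a real token and commit it. Suggest either leaving the default empty with a comment that it must be supplied on the command line, or keeping the placeholder but marking it clearly (e.g. `"Bearer REPLACE_ME"`) so it cannot be mistaken for a working value.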
...@@ -27,11 +28,13 @@ http: ...@@ -27,11 +28,13 @@ http:
@Host: https://{{CONFORMANCE_IDP_HOSTNAME}} @Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
POST /module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}} HTTP/1.1 POST /module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}} HTTP/1.1
Host: {{CONFORMANCE_IDP_HOSTNAME}} Host: {{CONFORMANCE_IDP_HOSTNAME}}
Authorization: {{AUTHORIZATION}}
- | - |
@Host: https://{{CONFORMANCE_IDP_HOSTNAME}} @Host: https://{{CONFORMANCE_IDP_HOSTNAME}}
GET /saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}} HTTP/1.1 GET /saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}} HTTP/1.1
Host: {{CONFORMANCE_IDP_HOSTNAME}} Host: {{CONFORMANCE_IDP_HOSTNAME}}
Authorization: {{AUTHORIZATION}}
disable-path-automerge: true disable-path-automerge: true
extractors: extractors:
- type: xpath - type: xpath
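Review bot: `Authorization: {{AUTHORIZATION}}` is now sent on both the setup `POST /module.php/conformance/test/setup` and the `GET /saml2/idp/SSOService.php`, but nothing in the hunk checks that the setup request was accepted; if the IdP rejects the token with 401/403, the flow continues to the SSO request against an unconfigured test case and the result is reported as an SP outcome rather than an authorization failure. Suggest adding a status check on the setup response so a rejected token is surfaced as such, and confirming whether the SSOService endpoint needs the header at all, since sending the bearer token to an endpoint that does not require it only widens where the token is logged.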
......