Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML2 frontend uses weak encryption #337

Closed
melanger opened this issue Sep 29, 2020 · 2 comments
Closed

SAML2 frontend uses weak encryption #337

melanger opened this issue Sep 29, 2020 · 2 comments

Comments

@melanger
Copy link
Contributor

SAML2 frontend relies on the pysaml library, which defaults to RSA with PKCS#1 v1.5 padding (http://www.w3.org/2001/04/xmlenc#rsa-1_5) for assertion encryption. This algorithm should not be used because it is known to be vulnerable. For example, SimpleSAMLphp blocks it by default since version 1.13 released in 2014, so effectively it is not possible to use assertion encryption in SATOSA.
It also uses 3DES (http://www.w3.org/2001/04/xmlenc#tripledes-cbc) which probably should be replaced with AES (http://www.w3.org/2001/04/xmlenc#aes128-cbc or similar).

https://github.com/IdentityPython/pysaml2/blob/d62a10c473f64e389d2d26958c83c83daafe38fd/src/saml2/entity.py#L565
https://github.com/IdentityPython/pysaml2/blob/d62a10c473f64e389d2d26958c83c83daafe38fd/src/saml2/sigver.py#L1834

It is not possible to configure this in SATOSA neither in pysaml, because the encrypt_assertion method does not take the algorithm(s) as arguments. There is a related issue IdentityPython/pysaml2#421 started in 2017 which is still unsolved. There is also a PR for disabling specific algorithms, not yet merged https://github.com/IdentityPython/pysaml2/pull/628/files

Code Version

7.0.1

Expected Behavior

SATOSA should use a reasonably strong encryption by default and it should be possible to configure encryption algorithms.

Current Behavior

SATOSA SAML2 frontend uses vulnerable encryption by default and cannot be configured.

Possible Solution

Change defaults in pysaml and/or make the encrypt_assertion method configurable.

Steps to Reproduce

  1. Configure SATOSA with SAML2 frontend (IdP).
  2. Turn on assertion encryption (encrypt_assertion: true)
  3. Try to use it for example with a SimpleSAMLphp SP.
  4. SimpleSAMLphp fails to decrypt because of the algorithm:
Decryption failed: Algorithm disabled: 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
@c00kiemon5ter
Copy link
Member

Yes, this is one the high-priority issues for pysaml2 and should be resolved soon. Ideally, we should bump the algos to be stronger, and at the same time offer a configuration option to allow the users to set what they need. The frontend will support this automatically by using a newer pysaml2 version.

I am closing this to move the discussion over to pysaml2.

@hshort
Copy link

hshort commented Feb 2, 2023

Hi @c00kiemon5ter - I was looking for the issue in pysaml2 - is it this? IdentityPython/pysaml2#821
It still seems to be open in pysaml2 so I guess it will be a while before it becomes available in Satosa. This is blocking us (and presumably lots of people) from using Satosa as an IdP since it can't send encrypted assertions to SimpleSAMLPhp or Shibboleth SPs (from what I remember testing). Do you have an estimated timeline?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c00kiemon5ter @melanger @hshort