Appendix D. Securing SAML assertions
In chapter 8, we introduced SAML assertions that can be used to communicate the findings of a security service. Since service endpoints depend on SAML assertions to identify users and make other security decisions, we should secure those assertions, too, in particular against the following threats:
- Forgery and tampering An attacker may submit a completely forged assertion. Or, he may tamper with the information in an assertion created by the security service. In use case #2 we described in section 8.2.2, the source endpoint can add an AttributeStatement (or alter it) in the assertion returned by the security service to make itself a member of the administrators group.
- Replaying An assertion can be captured ...