Critical SAML Protocol Flaws Enable XXE Injection and Signature Bypass via SAMLResponse Manipulation
Security researchers have documented two distinct attack vectors targeting SAML (Security Assertion Markup Language) implementations, a widely deployed XML-based single sign-on protocol used across enterprise SaaS platforms, Identity Provider integrations, and federated authentication systems. The findings highlight systemic vulnerabilities that could expose organizations relying on SAML-based authentication to remote file access, out-of-band data exfiltration, and authentication bypass.
The first attack class, XXE via SAML, exploits a parsing flaw: when a service provider base64-decodes a SAMLResponse submitted in a POST body and parses it without disabling DTD processing and external entity expansion, an attacker can embed malicious XML entities within the encoded payload. The vector differs from generic XXE probes because the malicious content arrives form-encoded as `SAMLResponse=<base64>` rather than as a standard `application/xml` body. Successful exploitation can trigger in-band file reads (for example, retrieving `/etc/passwd`) or establish out-of-band DNS callbacks for data extraction.
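The defensive side of that parsing step, as an added example that is not part of the original article: the service provider unwraps the transport (form field, then base64) and then refuses any document carrying a DOCTYPE before handing it to the XML parser, since a SAML message never legitimately needs one. This is the same idea as the `forbid_dtd` option of the `defusedxml` package, implemented here with only the standard library. Both the benign response and the DTD-bearing one are constructed samples; the `file:///constructed/placeholder` URI is a placeholder, not a real target.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from xml.parsers import expat

SAML_NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
           "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


class UnsafeXmlError(ValueError):
    """Raised when the decoded SAMLResponse carries a DTD, the carrier for XXE."""


def reject_dtd(xml_bytes: bytes) -> None:
    """Abort at the '<!DOCTYPE' token, before the internal subset (and any SYSTEM
    entity declared in it) is processed. expat calls StartDoctypeDeclHandler at
    exactly that point, so raising here stops the parse before entity handling."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError("DOCTYPE declaration is not allowed in a SAMLResponse")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml_bytes, True)  # raises UnsafeXmlError or expat.ExpatError


def decode_saml_response(form_body: str) -> bytes:
    """Unwrap the transport: form body -> SAMLResponse field -> base64 -> XML bytes."""
    fields = urllib.parse.parse_qs(form_body, strict_parsing=True)
    values = fields.get("SAMLResponse", [])
    if len(values) != 1:
        raise ValueError("expected exactly one SAMLResponse field")
    return base64.b64decode(values[0], validate=True)


def extract_subject(form_body: str) -> str:
    """Defensive pipeline: decode, refuse DTDs, then parse and read the NameID."""
    xml_bytes = decode_saml_response(form_body)
    reject_dtd(xml_bytes)
    root = ET.fromstring(xml_bytes)
    name_id = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not name_id.text:
        raise ValueError("no NameID in assertion")
    return name_id.text


# --- constructed sample inputs (not captured traffic) -------------------------
_RESPONSE_TEMPLATE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-r1">'
    '<saml:Assertion ID="_a1"><saml:Subject><saml:NameID>{subject}</saml:NameID>'
    '</saml:Subject></saml:Assertion></samlp:Response>'
)


def as_form_body(xml_text: str) -> str:
    """Encode a response the way a browser POSTs it: base64, then form-encoded."""
    b64 = base64.b64encode(xml_text.encode()).decode()
    return urllib.parse.urlencode({"SAMLResponse": b64})


BENIGN_FORM_BODY = as_form_body(_RESPONSE_TEMPLATE.format(subject="alice@example.com"))

# A DTD declaring an external entity, prepended to an otherwise ordinary response
# and referenced from the NameID; the placeholder URI stands in for any resource.
XXE_FORM_BODY = as_form_body(
    '<!DOCTYPE samlp:Response [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
    + _RESPONSE_TEMPLATE.format(subject="&ext;")
)

if __name__ == "__main__":
    print("benign ->", extract_subject(BENIGN_FORM_BODY))
    try:
        extract_subject(XXE_FORM_BODY)
    except UnsafeXmlError as exc:
        print("rejected ->", exc)
```

The pre-check runs a second, handler-only pass over the bytes; that cost is negligible next to signature verification and removes the dependency on whichever parser the framework later uses defaulting to safe settings.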
The second vector, SAML Signature Wrapping (XSW), encompasses eight canonical variants (XSW1-XSW8) that exploit the way XML signature validation handles document structure. An attacker with access to a valid, signed SAMLResponse can clone the legitimate `<Assertion>` element, inject a fraudulent identity, and reorder XML nodes so that signature validation is performed against the original signed node while the application consumes the attacker-controlled replica. The technique allows authentication bypass without compromising any private key, and it targets implementations that verify the signature on one node but read identity data from another.
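What the structural part of signature validation has to establish, as an added example that is not part of the original article: the assertion the application consumes must be the one and only Assertion in the message, a direct child of Response, the parent of the one and only Signature, and the element that Signature's Reference URI points at. The cryptographic check of that node is assumed to be done by a signature library afterwards; this code only decides which node it must cover. `naive_name_id` shows the first-match pattern that wrapping abuses, and both the legitimate and the wrapped documents are constructed samples with a placeholder signature value.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SignatureWrappingError(ValueError):
    """The document's structure does not match the one the signature covers."""


def naive_name_id(xml_bytes: bytes) -> str:
    """The consumer pattern XSW exploits: take the first Assertion found,
    regardless of which element the signature actually references."""
    root = ET.fromstring(xml_bytes)
    return root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS).text


def select_signed_assertion(root: ET.Element) -> ET.Element:
    """Return the single Assertion whose position and ID agree with the Signature."""
    parent_of = {child: parent for parent in root.iter() for child in parent}

    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise SignatureWrappingError(f"expected 1 Assertion, found {len(assertions)}")
    assertion = assertions[0]
    if parent_of.get(assertion) is not root:
        raise SignatureWrappingError("Assertion is not a direct child of Response")

    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        raise SignatureWrappingError(f"expected 1 Signature, found {len(signatures)}")
    signature = signatures[0]
    if parent_of.get(signature) is not assertion:
        raise SignatureWrappingError("Signature is not enveloped in the consumed Assertion")

    references = signature.findall("ds:SignedInfo/ds:Reference", NS)
    if len(references) != 1:
        raise SignatureWrappingError(f"expected 1 Reference, found {len(references)}")
    uri = references[0].get("URI", "")
    if not uri.startswith("#") or uri[1:] != assertion.get("ID"):
        raise SignatureWrappingError(f"Reference {uri!r} does not point at the consumed Assertion")
    # The ID must be unique in the document, or the Reference lookup is ambiguous.
    if sum(1 for el in root.iter() if el.get("ID") == assertion.get("ID")) != 1:
        raise SignatureWrappingError("duplicate ID attribute in document")
    return assertion


def structural_name_id(xml_bytes: bytes) -> str:
    """Consume identity data only from the assertion the signature is bound to."""
    root = ET.fromstring(xml_bytes)
    assertion = select_signed_assertion(root)
    return assertion.find("saml:Subject/saml:NameID", NS).text


# --- constructed sample documents (signature value is a placeholder) -----------
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed-r1">')
_SIGNED_ASSERTION = (
    '<saml:Assertion ID="_a1">'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '<ds:SignatureValue>Y29uc3RydWN0ZWQ=</ds:SignatureValue></ds:Signature>'
    '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
    '</saml:Assertion>')
_INJECTED_ASSERTION = (
    '<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>admin@example.com</saml:NameID>'
    '</saml:Subject></saml:Assertion>')

LEGIT = (_HEAD + _SIGNED_ASSERTION + '</samlp:Response>').encode()
# Wrapped form: an unsigned clone with a different identity precedes the signed
# original, so a first-match consumer and a reference-following verifier disagree.
WRAPPED = (_HEAD + _INJECTED_ASSERTION + _SIGNED_ASSERTION + '</samlp:Response>').encode()

if __name__ == "__main__":
    print("naive, wrapped ->", naive_name_id(WRAPPED))
    try:
        structural_name_id(WRAPPED)
    except SignatureWrappingError as exc:
        print("structural, wrapped ->", exc)
```

Running the checks before the cryptographic step, rather than after, also means a rejected message never reaches the code path that resolves `Reference` URIs, which is where several of the XSW variants do their work.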
The attack surface spans multiple enterprise programs, particularly those involving SaaS platforms, cloud identity integrations, and federated login infrastructure. Organizations evaluating SAML-based authentication should verify that parsing libraries disable external entity expansion and that signature validation includes structural integrity checks beyond cryptographic correctness, such as confirming that the assertion actually consumed is the element the signature references.