SMCONSUMERURL Query Parameter Subject to Malicious Modification (76739)
Symptom:
For SAML 1.x artifact binding, the SMCONSUMERURL query parameter of the SAML 1.x authentication URL can be tampered with so that the user is redirected to a malicious site.
Solution:
To prevent malicious modification of URLs, specify a value for the Consumer URL setting of the affiliate object. This value is set in the Policy Server User Interface. A configured Consumer URL takes precedence over the SMCONSUMERURL query parameter.
- For SAML 1.0, the Consumer URL must be set to the SSLInterceptorURL specified in the SAML Affiliate Agent configuration, that is: https://fqdn:port/smafa/amts/test1.htm
- For SAML 1.1 artifact binding, when SiteMinder is at the consumer site, the Consumer URL must be set to: http(s)://fqdn:port/affwebservices/public/samlcc
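The precedence rule above, as an added Python illustration that is not the agent's own code: a configured Consumer URL is used regardless of what SMCONSUMERURL carries, and when none is configured the query value is honoured only if it matches a known consumer endpoint. The affiliate dictionaries, host names and the saml1auth request path are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed affiliate settings (not the product's real configuration format).
# "consumer_url" models the Consumer URL setting on the affiliate object;
# "allowed_consumer_urls" models endpoints a query value may legitimately name.
AFFILIATE_FIXED = {
    "consumer_url": "https://sp.example.com:443/affwebservices/public/samlcc",
}
AFFILIATE_UNSET = {
    "consumer_url": "",
    "allowed_consumer_urls": ("https://sp.example.com:443/affwebservices/public/samlcc",),
}


def _normalize(url):
    """Return (scheme, host, port, path) with scheme/host case-folded, or None if unusable."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname strips any userinfo, so "https://sp.example.com@evil.example/" yields evil.example
    if scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:  # malformed port
        return None
    return (scheme, parts.hostname.lower(), port, parts.path or "/")


def resolve_consumer_url(affiliate, request_url):
    """Return the consumer URL the artifact response may be sent to, or None to refuse."""
    configured = affiliate.get("consumer_url", "")
    if configured:
        # Configured Consumer URL takes precedence: the query parameter is ignored entirely.
        return configured
    # No Consumer URL configured: accept the query value only if it matches a known
    # consumer endpoint after normalization, and only if it is supplied exactly once.
    candidates = parse_qs(urlsplit(request_url).query).get("SMCONSUMERURL", [])
    if len(candidates) != 1:
        return None
    wanted = _normalize(candidates[0])
    if wanted is None:
        return None
    for allowed in affiliate.get("allowed_consumer_urls", ()):
        if wanted == _normalize(allowed):
            return allowed
    return None
```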