You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-4Lines changed: 3 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -139,9 +139,9 @@ a trusted and expected URL.
139
139
140
140
Read more about Open Redirect [CWE-601](https://cwe.mitre.org/data/definitions/601.html).
141
141
142
-
### Avoiding Reply attacks ###
142
+
### Avoiding Replay attacks ###
143
143
144
-
A reply attack is basically try to reuse an intercepted valid SAML Message in order to impersonate a SAML action (SSO or SLO).
144
+
A replay attack is basically try to reuse an intercepted valid SAML Message in order to impersonate a SAML action (SSO or SLO).
145
145
146
146
SAML Messages have a limited timelife (NotBefore, NotOnOrAfter) that
147
147
make harder this kind of attacks, but they are still possible.
@@ -152,8 +152,7 @@ we don't need to store all processed message/assertion Ids, but the most recent
152
152
153
153
The OneLogin_Saml2_Auth class contains the [get_last_request_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L357), [get_last_message_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L364) and [get_last_assertion_id](https://github.com/onelogin/python3-saml/blob/ab62b0d6f3e5ac2ae8e95ce3ed2f85389252a32d/src/onelogin/saml2/auth.py#L371) methods to retrieve the IDs
154
154
155
-
Checking that the ID of the current Message/Assertion does not exists in the lis of the ones already processed will prevent reply
156
-
attacks.
155
+
Checking that the ID of the current Message/Assertion does not exists in the lis of the ones already processed will prevent replay attacks.
0 commit comments