Requirements
- there is the conformance IdP
- there is trust between conformance IdP and the target SP
Execution of the test battery for a list of targets
- nuclei will be called with a list of targets = hostnames (e.g. "simplesamlphp-sp.maiv1.incubator.geant.org") and optionally the corresponding entityIDs
- if the entityID was not provided:
  - determine the entityID from the host (guess a login endpoint, parse the SAMLRequest and the Issuer from it)
  - (continue only if an entityID is found)
- execute the standardResponse test case (the "happy" case)
- (continue only if it succeeded = we got 200 OK and some text)
- iterate over the "unhappy" cases (no signature, incorrect signature etc.):
  - select a test case using the endpoint
  - perform an IdP-initiated login
  - detect success/failure based on the "happy" case and/or general strings (like "You have been authenticated")
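One way to implement the entityID guess above (decode the SAMLRequest the SP's login endpoint redirects to the IdP with, and read its Issuer), as an added Python example rather than code from this project; it is the kind of helper a nuclei `code` step could call. The SP entityID, IdP URL and AuthnRequest in the sample are constructed, not real hosts.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_samlrequest(encoded: str) -> bytes:
    # Redirect binding: base64 over raw DEFLATE (wbits=-15); POST binding: plain base64.
    raw = base64.b64decode(encoded)
    try:
        return zlib.decompress(raw, -15)
    except zlib.error:
        return raw

def issuer_from_authn_request(xml_bytes: bytes) -> Optional[str]:
    # Returns the <saml:Issuer> text of a <samlp:AuthnRequest>, else None.
    # The input is untrusted: parse with defusedxml in anything beyond a demo.
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return None
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        return None
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    text = (issuer.text or "").strip() if issuer is not None else ""
    return text or None

def entity_id_from_redirect_url(url: str) -> Optional[str]:
    # The Location an SP login endpoint redirected to carries SAMLRequest=...
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        return None
    return issuer_from_authn_request(decode_samlrequest(values[0]))

# Constructed sample (hypothetical SP): the redirect a guessed login endpoint might answer with.
SAMPLE_ENTITY_ID = "https://sp.example.test/saml/metadata"
SAMPLE_AUTHN_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
    'ID="_req1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    f"<saml:Issuer>{SAMPLE_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
).encode()

def build_sample_redirect_url(idp_sso: str = "https://idp.example.test/sso") -> str:
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(SAMPLE_AUTHN_REQUEST) + comp.flush()
    return idp_sso + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
```

If the redirect carries no SAMLRequest or the XML is not an AuthnRequest, the helper returns None, which is the "continue only if entityID is found" stop condition.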
For each test case and target, execute the "raw http" variant and, if raw http failed, the "headless browser" variant.
This will combine a few nuclei features:
- https://docs.projectdiscovery.io/templates/protocols/code
- https://docs.projectdiscovery.io/templates/protocols/flow
- https://docs.projectdiscovery.io/templates/protocols/multi-protocol
- https://docs.projectdiscovery.io/templates/protocols/http/raw-http
- https://docs.projectdiscovery.io/templates/protocols/headless
- maybe https://docs.projectdiscovery.io/templates/workflows/overview