This means that if I present to a ServiceProvider A an assertion meant for ServiceProvider B, then the ServiceProvider A shoud reject it.
Well between all other things I tried this very really simple attack against a Slack’s SAML endpoint /sso/saml and guess what? It worked đŸ˜® !!
To be more concrete I used an old and expired (yes the assertion was also expired!!) Github’s Assertion I had saved somewhere in my archive that was signed for a subject different than mine (namely the username was not asanso aka me) and I presented to Slack. Slack happily accepted it and I was logged in Slack channel with the username of this old and expired Assertion that was never meant to be a Slack one!!! Wow this is scary….
Scary indeed. And it isn’t a particularly sophisticated hack either. Slack has now patched the issue.