In my previous blog post (Streamlining Electronic Signatures with Single Sign-on Application), I discussed the utilization of RelayState for context preservation. However, in the realm of cybersecurity, it's crucial to acknowledge the potential risks associated with passing unencrypted strings via RelayState, as it can expose sensitive information to unauthorized parties.
Consider a scenario where an individual manipulates the record ID to provide their signature for a record they lack authorization for, or injects malicious code into your application. In practical terms, your application might require saving more content in the context, meaning that storing this information in plain text could expose even more sensitive data.
A common practice is to generate a random key, map it to the relevant context, and securely store it, typically in a database or cache storage. I prefer to store it in the cache due to the transient nature of the data. There is no need for persistent storage since the electronic signature process is generally brief. Upon receiving the SAML response from the identity provider (IdP), your application can retrieve the context mapped to the random key. This approach ensures that even if an interceptor captures the SAML request, they cannot access sensitive information as the request does not contain any external data. Moreover, since the key is randomly generated, it's virtually impossible for an external entity to replicate it.
Nevertheless, it's essential to pay attention to the content that RelayState brings to you. Be prepared if the returned value is not mapping to any saved context. Treat it as user input and sanitize it before using it.
Top comments (0)