From ba093134dc8325a252261f89b346be3c1ee2f941 Mon Sep 17 00:00:00 2001
From: requin_citron <requin_citron@protonmail.com>
Date: Mon, 28 Apr 2025 18:09:14 +0200
Subject: [PATCH 1/4] dockerfile + patch template o365

---
 Dockerfile         | 10 ++++++++++
 templates/o365.xml |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5646607
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM python:3.11.12-slim
+
+COPY . /app
+WORKDIR /app
+
+
+RUN pip install --no-cache-dir -r requirements.txt
+
+
+ENTRYPOINT ["python", "/app/ADFSpoof.py"]
\ No newline at end of file
diff --git a/templates/o365.xml b/templates/o365.xml
index b175e0f..7adf61d 100644
--- a/templates/o365.xml
+++ b/templates/o365.xml
@@ -1 +1 @@
-<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">$TokenCreated</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">$TokenExpires</wsu:Expires></t:Lifetime><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:federation:MicrosoftOnline</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><t:RequestedSecurityToken><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1" AssertionID="$AssertionID" Issuer="http://$AdfsServer/adfs/services/trust" IssueInstant="$TokenCreated"><saml:Conditions NotBefore="$TokenCreated" NotOnOrAfter="$TokenExpires"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">$NameIdentifier</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims"><saml:AttributeValue>$UPN</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05"><saml:AttributeValue>$NameIdentifier</saml:AttributeValue></saml:Attribute><saml:Attribute xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims" AttributeName="insidecorporatenetwork" AttributeNamespace="http://schemas.microsoft.com/ws/2012/01" a:OriginalIssuer="CLIENT CONTEXT"><saml:AttributeValue xmlns:tn="http://www.w3.org/2001/XMLSchema" xmlns:b="http://www.w3.org/2001/XMLSchema-instance" b:type="tn:boolean">false</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="authnmethodsreferences" AttributeNamespace="http://schemas.microsoft.com/claims"><saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" AuthenticationInstant="$TokenCreated"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">$NameIdentifier</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature></saml:Assertion></t:RequestedSecurityToken><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>
+<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetime><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">$TokenCreated</wsu:Created><wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">$TokenExpires</wsu:Expires></t:Lifetime><wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"><wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsa:Address>urn:federation:MicrosoftOnline</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><t:RequestedSecurityToken><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1" AssertionID="$AssertionID" Issuer="http://$AdfsServer/adfs/services/trust/" IssueInstant="$TokenCreated"><saml:Conditions NotBefore="$TokenCreated" NotOnOrAfter="$TokenExpires"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">$NameIdentifier</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="UPN" AttributeNamespace="http://schemas.xmlsoap.org/claims"><saml:AttributeValue>$UPN</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="ImmutableID" AttributeNamespace="http://schemas.microsoft.com/LiveID/Federation/2008/05"><saml:AttributeValue>$NameIdentifier</saml:AttributeValue></saml:Attribute><saml:Attribute xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims" AttributeName="insidecorporatenetwork" AttributeNamespace="http://schemas.microsoft.com/ws/2012/01" a:OriginalIssuer="CLIENT CONTEXT"><saml:AttributeValue xmlns:tn="http://www.w3.org/2001/XMLSchema" xmlns:b="http://www.w3.org/2001/XMLSchema-instance" b:type="tn:boolean">false</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="authnmethodsreferences" AttributeNamespace="http://schemas.microsoft.com/claims"><saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" AuthenticationInstant="$TokenCreated"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">$NameIdentifier</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature></saml:Assertion></t:RequestedSecurityToken><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>

From 2cd6c24e49c596a3b724a1d9211671d519282dbf Mon Sep 17 00:00:00 2001
From: requin_citron <requin_citron@protonmail.com>
Date: Mon, 16 Mar 2026 09:43:26 +0100
Subject: [PATCH 2/4] Add GLPI command support and corresponding XML template
 for SAML token generation

---
 ADFSpoof.py        | 35 +++++++++++++++++++++++++++++++++++
 templates/glpi.xml | 28 ++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 templates/glpi.xml

diff --git a/ADFSpoof.py b/ADFSpoof.py
index 4f43579..a7bfa80 100644
--- a/ADFSpoof.py
+++ b/ADFSpoof.py
@@ -49,6 +49,12 @@ def parse_args():
     parser_generic_saml2.add_argument('--assertions', help='The XML assertions for the SAML token', default=None)
     parser_generic_saml2.add_argument('--config', help='JSON file containing generic args', default=None)
 
+    parser_generic_glpi = subparsers.add_parser('glpi')
+    parser_generic_glpi.add_argument('--endpoint', help='The destination/recipient attribute for SAML 2.0 token. Where the SAML token will be sent.', default=None)
+    parser_generic_glpi.add_argument('--nameid', help='The NameIdentifier attribute value', default=None)
+    parser_generic_glpi.add_argument('--rpidentifier', help='The Identifier for the Relying Party', default=None)
+    parser_generic_glpi.add_argument('--config', help='JSON file containing generic args', default=None)
+
     parser_dump = subparsers.add_parser('dump')
     parser_dump.add_argument('--path', help='Filepath where the signing token will be output.', default='token.pfx')
 
@@ -158,6 +164,34 @@ def get_module_params(command):
             }
         params.update(saml2_params)
         name_identifier = "ID"
+    
+    elif command == "glpi":
+        params = {
+            'TokenCreated': token_created,
+            'TokenExpires': token_expires,
+            'AdfsServer': args.server,
+            'AssertionID': args.assertionid,
+            'SubjectConfirmationTime': subject_confirmation_time,
+            'ResponseID': args.responseid,
+            'AuthnInstant': authn_instant
+        }
+
+        if args.config:
+            with open(args.config, 'r') as config_file:
+                data = config_file.read()
+            try:
+                glpi_params = json.loads(data)
+            except json.JSONDecodeError:
+                sys.stderr.write("Could not parse JSON config file for SAML2 token creation. Quitting.\n")
+                die()
+        else:
+            glpi_params = {
+                'SamlEndpoint': args.endpoint,
+                'NameID': args.nameid,
+                'RPIdentifier': args.rpidentifier,
+            }
+        params.update(glpi_params)
+        name_identifier = "ID"
 
     return params, name_identifier
 
@@ -180,6 +214,7 @@ def output_token(token, command):
     if args.command != 'dump':
         params, id_attribute = get_module_params(args.command)
 
+        print("=================",repr(id_attribute))
         token = signer.sign_XML(params, id_attribute, args.algorithm, args.digest)
 
         if args.output:
diff --git a/templates/glpi.xml b/templates/glpi.xml
new file mode 100644
index 0000000..1a0c759
--- /dev/null
+++ b/templates/glpi.xml
@@ -0,0 +1,28 @@
+<samlp:Response ID="$ResponseID" Version="2.0" IssueInstant="$TokenCreated" Destination="$SamlEndpoint" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://$AdfsServer/adfs/services/trust</Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+    </samlp:Status>
+    <Assertion ID="$AssertionID" IssueInstant="$TokenCreated" Version="2.0"
+        xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
+        <Issuer>http://$AdfsServer/adfs/services/trust</Issuer>
+        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature>
+        <Subject>
+            <NameID>$NameID</NameID>
+            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                <SubjectConfirmationData NotOnOrAfter="$SubjectConfirmationTime" Recipient="$SamlEndpoint"/>
+            </SubjectConfirmation>
+        </Subject>
+        <Conditions NotBefore="$TokenCreated" NotOnOrAfter="$TokenExpires">
+            <AudienceRestriction>
+                <Audience>$RPIdentifier</Audience>
+            </AudienceRestriction>
+        </Conditions>
+        <AuthnStatement AuthnInstant="$AuthnInstant">
+            <AuthnContext>
+                <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
+            </AuthnContext>
+        </AuthnStatement>
+    </Assertion>
+</samlp:Response>
\ No newline at end of file

From 27c3453f9d9afcd6161da5e218a4ff2861625beb Mon Sep 17 00:00:00 2001
From: requin_citron <requin_citron@protonmail.com>
Date: Fri, 20 Mar 2026 17:04:44 +0100
Subject: [PATCH 3/4] Add InResponseTo attribute support in SAML response and
 update argument parser

---
 ADFSpoof.py         |  7 +++++--
 templates/saml2.xml | 30 +++++++++++++++++++++++++++++-
 2 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/ADFSpoof.py b/ADFSpoof.py
index a7bfa80..8228725 100644
--- a/ADFSpoof.py
+++ b/ADFSpoof.py
@@ -21,6 +21,7 @@ def parse_args():
     arg_parser.add_argument('-v', '--verbose', help='Verbose Output', default=False)
     arg_parser.add_argument('--assertionid', help='AssertionID string. Defaults to a random string', default=random_string())
     arg_parser.add_argument('--responseid', help='The Response ID. Defaults to random string', default=random_string())
+    arg_parser.add_argument('--inresponseto', help='The InResponseTo attribute (ID from the SP AuthnRequest)', default=None)
     arg_parser.add_argument('-s', '--server', help='Identifier for the federation service. Usually the fqdn of the server. e.g. sts.example.com DO NOT include HTTPS://')
     arg_parser.add_argument('-a', '--algorithm', help='SAML signing algorithm to use', default='rsa-sha256')
     arg_parser.add_argument('-d', '--digest', help='SAML digest algorithm to use', default='sha256')
@@ -143,7 +144,8 @@ def get_module_params(command):
             'AdfsServer': args.server,
             'SubjectConfirmationTime': subject_confirmation_time,
             'ResponseID': args.responseid,
-            'AuthnInstant': authn_instant
+            'AuthnInstant': authn_instant,
+            'InResponseTo': args.inresponseto or ''
         }
 
         if args.config:
@@ -173,7 +175,8 @@ def get_module_params(command):
             'AssertionID': args.assertionid,
             'SubjectConfirmationTime': subject_confirmation_time,
             'ResponseID': args.responseid,
-            'AuthnInstant': authn_instant
+            'AuthnInstant': authn_instant,
+            'InResponseTo': args.inresponseto or ''
         }
 
         if args.config:
diff --git a/templates/saml2.xml b/templates/saml2.xml
index 263daab..ecfb7a7 100644
--- a/templates/saml2.xml
+++ b/templates/saml2.xml
@@ -1 +1,29 @@
-<samlp:Response ID="$ResponseID" Version="2.0" IssueInstant="$TokenCreated" Destination="$SamlEndpoint" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://$AdfsServer/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><Assertion ID="$AssertionID" IssueInstant="$TokenCreated" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>http://$AdfsServer/adfs/services/trust</Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature><Subject><NameID Format="$NameIDFormat">$NameID</NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData NotOnOrAfter="$SubjectConfirmationTime" Recipient="$SamlEndpoint"/></SubjectConfirmation></Subject><Conditions NotBefore="$TokenCreated" NotOnOrAfter="$TokenExpires"><AudienceRestriction><Audience>$RPIdentifier</Audience></AudienceRestriction></Conditions><AttributeStatement>$Assertions</AttributeStatement><AuthnStatement AuthnInstant="$AuthnInstant" SessionIndex="$AssertionID"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
\ No newline at end of file
+<samlp:Response ID="$ResponseID" Version="2.0" IssueInstant="$TokenCreated" Destination="$SamlEndpoint" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://$AdfsServer/adfs/services/trust</Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+    </samlp:Status>
+    <Assertion ID="$AssertionID" IssueInstant="$TokenCreated" Version="2.0"
+        xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
+        <Issuer>http://$AdfsServer/adfs/services/trust</Issuer>
+        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="placeholder"></ds:Signature>
+        <Subject>
+            <NameID Format="$NameIDFormat">$NameID</NameID>
+            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                <SubjectConfirmationData InResponseTo="$InResponseTo" NotOnOrAfter="$SubjectConfirmationTime" Recipient="$SamlEndpoint"/>
+            </SubjectConfirmation>
+        </Subject>
+        <Conditions NotBefore="$TokenCreated" NotOnOrAfter="$TokenExpires">
+            <AudienceRestriction>
+                <Audience>$RPIdentifier</Audience>
+            </AudienceRestriction>
+        </Conditions>
+        <AttributeStatement>$Assertions</AttributeStatement>
+        <AuthnStatement AuthnInstant="$AuthnInstant" SessionIndex="$AssertionID">
+            <AuthnContext>
+                <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
+            </AuthnContext>
+        </AuthnStatement>
+    </Assertion>
+</samlp:Response>
\ No newline at end of file

From 68e105dad03e0233113c4a59f45b0dd65741522a Mon Sep 17 00:00:00 2001
From: requin_citron <requin_citron@protonmail.com>
Date: Fri, 20 Mar 2026 17:11:03 +0100
Subject: [PATCH 4/4] Add InResponseTo attribute to SAML response

---
 templates/saml2.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/saml2.xml b/templates/saml2.xml
index ecfb7a7..d523f20 100644
--- a/templates/saml2.xml
+++ b/templates/saml2.xml
@@ -1,4 +1,4 @@
-<samlp:Response ID="$ResponseID" Version="2.0" IssueInstant="$TokenCreated" Destination="$SamlEndpoint" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
+<samlp:Response ID="$ResponseID" InResponseTo="$InResponseTo" Version="2.0" IssueInstant="$TokenCreated" Destination="$SamlEndpoint" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
     <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://$AdfsServer/adfs/services/trust</Issuer>
     <samlp:Status>