SAML: Introduction
This exercise covers the exploitation of a signature stripping vulnerability in SAML
Security Assertion Markup Language (SAML) is a protocol used to share authentication and authorization data between parties, facilitating Single Sign-On (SSO) between Service Providers (SP) and Identity Providers (IDP). This course provides a comprehensive guide to exploiting vulnerabilities within SAML implementations, showing how an attacker can manipulate SAML responses to gain unauthorized access.
The course delves into the intricacies of SAML, explaining the trust relationship between SPs and IDPs and how this can be exploited if the signature in the SAMLResponse is not verified correctly. Using Burp and the SAML Raider extension, you will learn how to intercept, decode, modify, and forward malicious SAML responses to impersonate users, highlighting the importance of securing SAML implementations to prevent such attacks.