SAML: Trusted Embedded Key

This exercise covers the exploitation of a Service Provider (SP) that doesn't check the certificate provided in the SAMLResponse.

PRO Medium < 1 Hr. 526 Authentication / Authorization Badge
Course

This course covers the exploitation of an insecure SAML implementation, allowing a malicious user to impersonate another user. The vulnerability arises from the Service Provider's failure to verify the certificate's fingerprint in the SAMLResponse.

Skills covered
Injection, Authentication, Cryptography
Included with PRO
Full course content 2 videos