SAML: SAMLResponse forwarding


This exercise covers how to pass the SAMLResponse from one Service Provider to another.

PRO Medium < 1 Hr. 523 Authentication / Authorization Badge
Course

This course demonstrates exploiting an insecure SAML implementation, allowing attackers to log into a service provider despite the identity provider's restrictions. The vulnerability arises because the service provider does not verify the claim in the SAMLResponse.

Skills covered
Injection, Authentication, Cryptography
Included with PRO
Full course content, 1 video
