SAML: SAMLResponse forwarding

This exercise covers how one can pass the SAMLResponse from one Service Provider to another Service Provider.

PRO Tier | Medium | < 1 Hr. | 419

Course

In this course, you'll learn how to exploit an insecure SAML implementation to log into a service provider, even when the identity provider attempts to prevent it. The vulnerability exists because the service provider fails to verify the claim in the SAMLResponse, trusting a claim issued for another service provider instead. By tampering with the SAMLRequest from Service Provider #1 and altering the ServiceURL, you can pass a valid claim to Service Provider #2.

The exercise involves decoding and re-encoding the SAMLRequest using URL-decoding, base64 decoding, and Inflate, followed by Deflate, base64 encoding, and URL-encoding. By manipulating the SAMLRequest, you can bypass the identity provider's restrictions and gain unauthorized access to a different service provider. This course highlights the importance of proper validation in SSO implementations to prevent such vulnerabilities from being exploited.
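As an added example (not part of the PentesterLab exercise), here is the service-provider-side check that this exercise shows missing: a Python function that rejects a SAMLResponse whose Destination, Recipient or Audience was issued for a different service provider. The entity IDs, ACS URLs and the sample Response are constructed, and the function assumes the XML signature was already verified.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response_binding(xml_text: str, sp_entity_id: str, acs_url: str) -> list:
    """Return the problems found; an empty list means the claim is bound to this SP.
    Assumes the XML signature has already been verified: an unsigned or unverified
    document can carry any Destination/Audience value, so this check comes after it."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not a samlp:Response"]
    # Destination: the ACS URL the IdP addressed the Response to.
    dest = root.get("Destination")
    if dest != acs_url:
        problems.append("Destination %r != expected ACS %r" % (dest, acs_url))
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        problems.append("no Assertion present")
    for a in assertions:
        # Audience: the SP entity ID the assertion was issued for.
        audiences = [e.text for e in a.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
        if sp_entity_id not in audiences:
            problems.append("Audience %r does not include %r" % (audiences, sp_entity_id))
        # Recipient: where a bearer assertion may be delivered.
        for scd in a.findall(
                "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS):
            if scd.get("Recipient") != acs_url:
                problems.append("Recipient %r != expected ACS %r" % (scd.get("Recipient"), acs_url))
    return problems

# Constructed sample: a Response the IdP issued for sp1.example (hypothetical SP #1).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  Destination="https://sp1.example/acs">
  <saml:Assertion ID="_a1" Version="2.0"><saml:Subject><saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp1.example/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp1.example/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    # The same Response presented to sp2.example (hypothetical SP #2): all three checks fail.
    print(check_response_binding(SAMPLE_RESPONSE, "https://sp2.example/metadata", "https://sp2.example/acs"))
```

An SP that accepts the Response at sp2.example despite these mismatches is the vulnerable behaviour the exercise describes.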
