SAML: Malicious IDP

This exercise covers the creation of a malicious IDP to forge assertions.

Course: PRO Tier | Medium | 2-4 Hrs. | 9
This course details the exploitation of an insecure SAML implementation that permits attackers to set their own Identity Provider (IDP) without any validation checks on the assertions sent by it. You will learn to create and configure a malicious IDP to deceive the Service Provider into recognizing you as the user admin@libcurl.so. This vulnerability can be exploited to gain unauthorized access by manipulating the SAML settings to accept a malicious SAMLResponse.

To carry out this attack, you will need to set up an IDP and use the certificate fingerprint and IDP URL to configure the SAML settings for your organization on the Service Provider's website. By doing so, you can log in with SAML using a member's email address without requiring a password. This exercise demonstrates the importance of validating SAML assertions to prevent unauthorized access, especially as enterprises increasingly adopt Single Sign-On (SSO) solutions.
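The check the Service Provider is missing, written here as an added defender-side illustration (not PentesterLab's or the exercise's code): the SP pins one IDP per organisation by issuer and certificate fingerprint, and only accepts assertions for email domains that organisation owns, so a self-configured IDP cannot vouch for admin@libcurl.so. All issuer URLs, entity IDs, certificate blobs and the org-to-IDP table are constructed placeholders; the XML-DSig signature itself is assumed to have been verified by an XML signature library before this function runs.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed stand-in for the IDP's pinned certificate (not a real X.509 DER).
PINNED_CERT_B64 = base64.b64encode(b"constructed-cert-for-idp.libcurl.so").decode()
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"  # constructed SP entity ID

def cert_fingerprint(b64_der):
    """SHA-256 fingerprint over the DER bytes of a base64 certificate (whitespace ignored)."""
    return hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest()

# Hypothetical SP-side binding: one IDP per organisation, pinned by issuer and
# certificate fingerprint, and only trusted for the domains that organisation owns.
ORG_IDP_CONFIG = {"libcurl": {"issuer": "https://idp.libcurl.so/metadata",
                              "cert_sha256": cert_fingerprint(PINNED_CERT_B64),
                              "domains": {"libcurl.so"}}}

def build_response(issuer, cert_b64, name_id, audience=SP_ENTITY_ID):
    """Constructed minimal SAMLResponse; only the KeyInfo part of ds:Signature is shown."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'xmlns:ds="{NS["ds"]}"><saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>'
            f'<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            '</saml:Assertion></samlp:Response>')

def validate_response(xml_text, org_id, audience=SP_ENTITY_ID):
    """Return (accepted, reason_or_name_id). Call only after an XML-DSig library has
    verified the assertion signature against the embedded X509Certificate."""
    cfg = ORG_IDP_CONFIG.get(org_id)
    if cfg is None:
        return False, "unknown organisation"
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion in response"
    def text(path):
        return assertion.findtext(path, default="", namespaces=NS).strip()
    if text("saml:Issuer") != cfg["issuer"]:
        return False, "issuer is not the IDP pinned for this organisation"
    if cert_fingerprint(text(".//ds:X509Certificate")) != cfg["cert_sha256"]:
        return False, "signing certificate does not match the pinned fingerprint"
    if text(".//saml:Audience") != audience:
        return False, "assertion is not addressed to this service provider"
    name_id = text(".//saml:NameID")
    if name_id.rpartition("@")[2].lower() not in cfg["domains"]:
        return False, "this IDP may not assert accounts in that email domain"
    return True, name_id
```

The domain binding is the decisive check for this exercise: a fingerprint and IDP URL that another organisation's member configured must never be enough to assert an identity under libcurl.so.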
