Vulnerable Service Provider

Attacking SAML implementations

SAML authentication flow

Start SAML authentication

Attacks against the Identity Provider

Exercise: Bypass IdP Verifier 1

Attacks against the Service Provider

Exercise: Bypass SP Verifier 1

Exercise: Bypass SP Verifier 2

Exercise: Bypass SP Verifier 3

Exercise: Bypass SP Verifier 4

Exercise: Bypass SP Verifier 5

Exercise: Bypass SP Verifier 6

Exercise: Bypass SP Verifier 7

Exercise: Bypass SP Verifier 8

Exercise: Bypass SP Verifier 9

Exercise: Bypass SP Verifier 10

Exercise: Bypass SP Verifier 11

Exercise: Bypass SP Verifier 12 (HoK)