Attacking and Defending SAML
Obtaining the ultimate goal — authenticating as any user
The first step in attacking SAML-based authentication is the same as it was for OAuth, OpenID Connect, and JWTs.
Generally a website uses either OpenID Connect or SAML. They both serve a similar purpose: SAML came first, and OpenID Connect is intended to be its new and improved replacement.
The video below from Jump Cloud mentions that OpenID Connect does not include some SAML features that help with security (the Authorization Decision Statement). Perhaps that is because authorization is left to the application to determine based on scopes and claims, rather than having the protocol control that part of the decision making. SAML can be used for authentication alone, leaving…