saml-sso-assertion-attacks
SAML SSO assertion attack playbook. Use when testing signature validation, assertion wrapping, audience restrictions, ACS handling, XML trust boundaries, and enterprise SSO flaws.
How do I install this agent skill?
npx skills add https://github.com/yaklang/hack-skills --skill saml-sso-assertion-attacksIs this agent skill safe to install?
- Gen Agent Trust Hubpass
This skill is an informational playbook for analyzing SAML SSO security. It provides educational guidance and testing checklists without any executable code or risky operations.
- Socketwarn
1 alert: gptSecurity
- Snykpass
Risk: LOW · No issues
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
SKILL: SAML SSO and Assertion Attacks — Signature Validation, Binding, and Trust Confusion
AI LOAD INSTRUCTION: Use this skill when the target uses SAML-based SSO and you need to validate assertion trust: signature coverage, audience and recipient checks, ACS handling, XML parsing weaknesses, and IdP/SP confusion.
1. WHEN TO LOAD THIS SKILL
Load when:
- Enterprise SSO uses SAML requests or responses
- You see
SAMLRequest,SAMLResponse, XML assertions, or ACS endpoints - Login flows involve an external IdP and browser POST/redirect binding
2. HIGH-VALUE MISCONFIGURATION CHECKS
| Theme | What to Check |
|---|---|
| signature validation | unsigned assertion accepted, wrong node signed, signature wrapping |
| audience and recipient | weak Audience, Recipient, Destination, or ACS validation |
| issuer trust | wrong IdP accepted or multi-tenant issuer confusion |
| replay and freshness | missing InResponseTo, weak NotBefore / NotOnOrAfter enforcement |
| account mapping | email-only binding, case folding, unverified attributes |
| XML parser behavior | XXE-like parser issues or unsafe transforms around SAML documents |
3. QUICK TRIAGE
- Capture one full login round trip.
- Inspect which XML nodes are signed and which attributes drive account binding.
- Compare SP-initiated and IdP-initiated flows.
- Test replay, altered attributes, and assertion placement confusion.
4. RELATED ROUTES
- XML parser attack depth: xxe xml external entity
- OAuth or OIDC SSO alternatives: oauth oidc misconfiguration
- Auth boundary issues after SSO: authbypass authentication flaws
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/yaklang/hack-skills/saml-sso-assertion-attacks">View saml-sso-assertion-attacks on skillZs</a>