saml-sso-assertion-attacks

SKILL: SAML SSO and Assertion Attacks — Signature Validation, Binding, and Trust Confusion

AI LOAD INSTRUCTION: Use this skill when the target uses SAML-based SSO and you need to validate assertion trust: signature coverage, audience and recipient checks, ACS handling, XML parsing weaknesses, and IdP/SP confusion.

1. WHEN TO LOAD THIS SKILL

Load when:

  • Enterprise SSO uses SAML requests or responses
  • You see SAMLRequest, SAMLResponse, XML assertions, or ACS endpoints
  • Login flows involve an external IdP and browser POST/redirect binding

2. HIGH-VALUE MISCONFIGURATION CHECKS

First Seen: Apr 8, 2026