glen-kurtz/VulnerableSAMLApp
Vulnerable SAML infrastructure.

The purpose of these applications is to show how certain vulnerable SAML configurations can be exploited to let a user change their own permissions, name, and other attributes within an application. OneLogin's Python SAML library was used for this; to make some of the vulnerable configurations work, the library was heavily modified.

This configuration contains two Docker images. The first, vulnerableidp, is an identity provider. It contains a 'database' with two users: an administrator and a low-privilege user.

Spinning up the Docker images is straightforward. Just run:

docker-compose up

The images will build, and the web application will then be hosted at http://127.0.0.1:8000

To log in as an unprivileged user:

Username: yogi
Password: bear

Admin user:

Username: admin
Password: adminpassword

To escalate privileges after logging in as the 'yogi' user, intercept the SAML response on its way to the application and change the group membership in the SAML message from 'users' to 'admin'. The application honours the modified attribute because it does not reject an assertion whose signature no longer matches its contents.
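The escalation step above, as an added example that is not code from this repository or from OneLogin's library. It models what a tester does at a proxy: decode the base64 SAMLResponse, rewrite the group attribute, re-encode it, and send it on. A vulnerable service provider that reads the attribute without checking the signature grants admin; a hardened one that verifies the signature over the assertion bytes rejects the forgery. XML-DSig is replaced by an HMAC so the block runs on the standard library alone; the assertion layout, the key, and the function names are all constructed for this demo.

```python
"""Added example, not code from VulnerableSAMLApp or python3-saml.

A hypothetical IdP signs an assertion, a tester tampers with the 'group'
attribute in the base64 SAMLResponse, and two SP implementations are
compared.  HMAC stands in for XML-DSig so the block is self-contained.
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)

# Constructed stand-in for the IdP's signing key (HMAC instead of XML-DSig).
IDP_KEY = b"demo-idp-signing-key"


def build_assertion(user: str, group: str) -> bytes:
    """Constructed, minimal assertion with a NameID and one 'group' attribute."""
    xml = (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_demo" Version="2.0">'
        f"<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>"
        "<saml:AttributeStatement>"
        '<saml:Attribute Name="group">'
        f"<saml:AttributeValue>{group}</saml:AttributeValue>"
        "</saml:Attribute>"
        "</saml:AttributeStatement>"
        "</saml:Assertion>"
    )
    return xml.encode()


def sign(assertion_xml: bytes) -> str:
    """IdP side: signature over the exact assertion bytes."""
    return hmac.new(IDP_KEY, assertion_xml, hashlib.sha256).hexdigest()


def signature_valid(assertion_xml: bytes, signature: str) -> bool:
    """Constant-time comparison of the presented signature with a fresh one."""
    return hmac.compare_digest(sign(assertion_xml), signature)


def encode_saml_response(assertion_xml: bytes) -> str:
    """The HTTP-POST binding carries the XML base64-encoded in SAMLResponse."""
    return base64.b64encode(assertion_xml).decode()


def decode_saml_response(saml_response: str) -> bytes:
    return base64.b64decode(saml_response)


def set_group(assertion_xml: bytes, new_group: str) -> bytes:
    """Attacker step: rewrite the 'group' AttributeValue and re-serialise."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == "group":
            attr.find(f"{{{SAML_NS}}}AttributeValue").text = new_group
    return ET.tostring(root, encoding="utf-8")


def tamper_saml_response(saml_response: str, new_group: str) -> str:
    """What a proxy-based tester does to the intercepted POST body."""
    tampered = set_group(decode_saml_response(saml_response), new_group)
    return encode_saml_response(tampered)


def extract_group(assertion_xml: bytes) -> str:
    root = ET.fromstring(assertion_xml)
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == "group":
            return attr.find(f"{{{SAML_NS}}}AttributeValue").text
    raise ValueError("no group attribute in assertion")


def vulnerable_sp_group(saml_response: str, signature: str) -> str:
    """Vulnerable SP: trusts the attribute without checking the signature."""
    return extract_group(decode_saml_response(saml_response))


def hardened_sp_group(saml_response: str, signature: str) -> str:
    """Hardened SP: verify the signature over the received bytes first."""
    assertion_xml = decode_saml_response(saml_response)
    if not signature_valid(assertion_xml, signature):
        raise ValueError("assertion signature invalid; rejecting response")
    return extract_group(assertion_xml)


if __name__ == "__main__":
    assertion = build_assertion("yogi", "users")
    sig = sign(assertion)
    legit = encode_saml_response(assertion)
    forged = tamper_saml_response(legit, "admin")
    print("vulnerable SP grants group:", vulnerable_sp_group(forged, sig))
    try:
        hardened_sp_group(forged, sig)
    except ValueError as exc:
        print("hardened SP:", exc)
```

The same check applies to the real library: the tampered assertion is only accepted when signature validation is switched off, skipped for unsigned assertions, or run against a different element than the one the attributes are read from, which is why any SAML review starts by confirming that the SP verifies the signature over the very assertion it consumes.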

More details/instructions are in the works.

Shout out to E.D. for initial dockerization of the idp.
