Use of SAML
ID | use_of_saml
Severity | info
Kind | Authentication
CWE | N/A
Description
This detector identifies the use of Security Assertion Markup Language (SAML) for authentication and authorization. SAML is an XML-based standard for exchanging authentication and authorization data between identity providers and service providers, commonly used for enterprise single sign-on implementations.
Rationale
SAML detection is informational and helps identify the authentication mechanism in use. While SAML itself is a legitimate security standard, improper implementation can introduce vulnerabilities such as XML signature wrapping attacks, assertion replay, insufficient encryption, or weak signature validation. Knowing that SAML is in use allows security teams to focus testing on SAML-specific attack vectors and ensure proper configuration of signature verification, encryption, and assertion validation.
Remediation
Ensure SAML implementation follows security best practices including proper XML signature validation, assertion encryption for sensitive attributes, strict certificate validation, response replay prevention through assertion IDs and timestamps, and protection against XML signature wrapping attacks. Regularly update SAML libraries to address known vulnerabilities and configure short assertion validity windows to limit replay attack opportunities.
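The following is an added example, not code from this detector or any SAML library, showing the post-signature checks listed above on the service-provider side: a single Assertion element with no nested Assertion (a signature-wrapping indicator), a bounded validity window with clock skew, audience restriction, and assertion-ID replay tracking. The assertion XML, issuer, audience and timestamps are constructed sample values, and the function assumes the XML signature over exactly this element was already verified by the SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a minimal SAML 2.0 Assertion; issuer, audience, ID and times are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
SAMPLE_NOW = datetime(2024, 1, 1, 12, 2, tzinfo=timezone.utc)   # constructed: inside the window
SAMPLE_LATE = datetime(2024, 1, 1, 12, 10, tzinfo=timezone.utc)  # constructed: after NotOnOrAfter + skew

def parse_saml_time(value):
    # SAML timestamps are xs:dateTime in UTC with a "Z" suffix
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_assertion(xml_text, expected_audience, seen_ids, now,
                       max_validity=timedelta(minutes=5), skew=timedelta(seconds=60)):
    """Return (ok, reason). Assumes the XML signature over this exact Assertion element
    has already been verified by the SAML library; these are the post-signature checks."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return False, "not an Assertion element"
    # An Assertion nested inside the signed one is a signature-wrapping indicator: reject it
    if root.findall(".//saml:Assertion", NS):
        return False, "nested Assertion elements"
    assertion_id = root.get("ID")
    if not assertion_id:
        return False, "missing ID"
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return False, "missing validity window"
    not_before = parse_saml_time(cond.get("NotBefore"))
    not_on_or_after = parse_saml_time(cond.get("NotOnOrAfter"))
    if not_on_or_after - not_before > max_validity:
        return False, "validity window too long"   # enforce a short window on the SP side as well
    if now < not_before - skew or now >= not_on_or_after + skew:
        return False, "outside validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    if assertion_id in seen_ids:
        return False, "replayed assertion ID"
    seen_ids.add(assertion_id)  # production: shared store, entries kept until NotOnOrAfter + skew
    return True, "ok"
```

Calling `validate_assertion` twice with the same `seen_ids` set rejects the second presentation as a replay, which is the behaviour the remediation asks for.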