At Randori, we are constantly adding new capabilities to our automated attack platform. In the course of developing those capabilities for use in production, we sometimes build in-house tools to aid in testing particular functionality. Today we are releasing one such tool: a simple SAML identity provider that enables quick and easy testing of SSO application interfaces.
One category of issue we saw frequently this year was improper implementation of SAML single sign-on by service providers (in SAML terms, the application that delegates authentication to an external identity provider so that your organization-wide login can be used), and we wanted an easy way to aid in testing the security of our customers' implementations. Note that "service provider" here is the SAML term for the software you are testing, not a third-party provider in the SaaS sense. Never test a system you do not own without explicit and proper authorization.
In the course of our research, we developed a small but useful tool that implements a SAML identity provider (IdP). It is intended to be trivial to customize at a low level, so that malformed or incomplete responses can be generated to test the behavior of service provider implementations, and we have now made it available to the community on GitHub. This is a security testing tool and provides no security by itself, but it can help identify configuration risks in your environment.
One example of how to use this tool: your service allows sign-in with SAML, and you are considering connecting it to your organization-wide SSO (which includes a SAML IdP, as most enterprise identity solutions do). Using a test deployment of the service, configure it to use this tool (test-saml-idp) as its SAML IdP. Then use the tool to produce various malformed responses, for example an assertion whose audience names a different service, one whose validity window has expired, or one whose status is not Success, and check whether the service accepts them or otherwise behaves unexpectedly or insecurely.
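To make the procedure above concrete, here is an added example (written for this post, not code from the test-saml-idp project) that models both sides of such a test in Python: a generator that emits the kinds of malformed SAML Responses a test IdP should send, and the checks a service provider must perform before it trusts the NameID in an assertion. The SP and IdP URLs, the request ID, the fixed clock and the sample response are all constructed for the example; signature verification is deliberately left out because it needs an XML signature library, so the block covers every other check the SP owes the assertion.

```python
"""
Model of what a SAML service provider (SP) must check on an IdP response, plus
a generator for the malformed responses a test IdP should feed it.
Added example for this post; not code from test-saml-idp. Signature
verification is out of scope here (it needs an XML signature library).
All URLs, IDs and the sample response are constructed for the example.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP configuration: what the SP knows about itself and its IdP.
SP_CONFIG = {"entity_id": "https://sp.example.test/metadata",
             "acs_url": "https://sp.example.test/saml/acs",
             "idp_issuer": "https://idp.example.test/metadata"}
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock, reproducible
REQUEST_ID = "_req1"  # ID of the AuthnRequest the SP is waiting on (constructed)

def iso(dt): return dt.strftime("%Y-%m-%dT%H:%M:%SZ")
def parse_ts(s): return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_response(request_id, now, **overrides):
    """Build an unsigned SAML Response; keyword overrides inject specific defects."""
    p = {"issuer": SP_CONFIG["idp_issuer"], "destination": SP_CONFIG["acs_url"],
         "audience": SP_CONFIG["entity_id"], "in_response_to": request_id,
         "not_before": iso(now - timedelta(minutes=1)),
         "not_on_or_after": iso(now + timedelta(minutes=5)),
         "status": SUCCESS, "name_id": "alice@example.test"}
    p.update(overrides)
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="{iso(now)}"
    Destination="{p['destination']}" InResponseTo="{p['in_response_to']}">
  <saml:Issuer>{p['issuer']}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{p['status']}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{iso(now)}">
    <saml:Issuer>{p['issuer']}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>{p['name_id']}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{p['destination']}"
            InResponseTo="{p['in_response_to']}" NotOnOrAfter="{p['not_on_or_after']}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{p['not_before']}" NotOnOrAfter="{p['not_on_or_after']}">
      <saml:AudienceRestriction><saml:Audience>{p['audience']}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def validate(xml_text, expected_request_id, now, cfg=SP_CONFIG):
    """Return (accepted, reason-or-NameID). Every check here is one an SP must make
    before trusting a bearer assertion; the first failing check is reported."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as e:
        return False, f"malformed XML: {e}"
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    assertions = root.findall("saml:Assertion", NS)
    a = assertions[0] if len(assertions) == 1 else ET.Element("none")
    cond = a.find("saml:Conditions", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    checks = [
        (root.tag == f"{{{NS['samlp']}}}Response", "root is not samlp:Response"),
        (status is not None and status.get("Value") == SUCCESS, "status is not Success"),
        (root.get("Destination") == cfg["acs_url"], "Destination is not our ACS URL"),
        (root.get("InResponseTo") == expected_request_id, "InResponseTo matches no outstanding request"),
        (len(assertions) == 1, f"expected one Assertion, got {len(assertions)}"),
        (a.findtext("saml:Issuer", namespaces=NS) == cfg["idp_issuer"], "Issuer is not the configured IdP"),
        (nb is not None and noa is not None and parse_ts(nb) <= now < parse_ts(noa), "outside validity window"),
        (cond is not None and cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
         == cfg["entity_id"], "Audience does not name this SP"),
        (scd is not None and scd.get("Recipient") == cfg["acs_url"]
         and scd.get("InResponseTo") == expected_request_id, "SubjectConfirmationData not bound to this request"),
        (bool(a.findtext("saml:Subject/saml:NameID", namespaces=NS)), "missing NameID"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)

def malformed_variants(request_id, now):
    """The defective responses a test IdP should emit; a correct SP rejects each one."""
    return {
        "wrong_audience": build_response(request_id, now, audience="https://other-sp.example.test/metadata"),
        "wrong_destination": build_response(request_id, now, destination="https://attacker.example.test/acs"),
        "expired": build_response(request_id, now, not_on_or_after=iso(now - timedelta(minutes=1))),
        "not_yet_valid": build_response(request_id, now, not_before=iso(now + timedelta(minutes=10))),
        "stale_request_id": build_response("_stale", now),
        "untrusted_issuer": build_response(request_id, now, issuer="https://evil-idp.example.test"),
        "failed_status": build_response(request_id, now, status="urn:oasis:names:tc:SAML:2.0:status:Requester"),
        "truncated_xml": build_response(request_id, now)[:-40],
    }

def run_suite():
    """Validate the good response and every variant; return name -> (accepted, reason)."""
    results = {"well_formed": validate(build_response(REQUEST_ID, NOW), REQUEST_ID, NOW)}
    for name, xml_text in malformed_variants(REQUEST_ID, NOW).items():
        results[name] = validate(xml_text, REQUEST_ID, NOW)
    return results

if __name__ == "__main__":
    for name, (ok, reason) in run_suite().items():
        print(f"{name:18s} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

When testing a real service provider with the tool, each entry in `malformed_variants` corresponds to one response you would have the test IdP emit; any variant the service accepts is a finding. In a real deployment the checks in `validate` sit behind signature verification, and that verification must cover the Assertion element the SP actually reads, which is the part this example does not model.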
We hope you enjoy this tool and find it useful!
Link to project on Github: https://github.com/RandoriDev/test-saml-idp