The Fragile Lock: Novel Bypasses For SAML Authentication

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

---

文章来源: https://portswigger.net/research/the-fragile-lock