Black Hat Europe 2025 | The Fragile Lock: Novel Bypasses For SAML Authentication
SAML2 has been the backbone of enterprise single sign-on for over 20 years. Behind its familiar facade lies a chaotic mix of legacy specifications, fragile XML processing, and false assurances of security. Despite endless patches and best practices, the protocol continues to collapse under the weight of its own complexity.
In this talk, I will show you how to bypass authentication using subtle flaws in XML handling. I will introduce several previously unpublished techniques that enable the crafting of reliable, stealthy exploits against SAML implementations that appear secure on the surface.
I will also release an open-source toolkit designed to identify and exploit these vulnerabilities in real-world SAML deployments.
It is time to stop patching the unpatchable and start questioning the protocol itself.
By: Zak Fedotkin | Researcher, PortSwigger
https://blackhat.com/eu-25/briefings/schedule/?#the-fragile-lock-novel-bypasses-for-saml-authentication-49262