saml
CommunityAnalyze and harden SAML authentication flows
Authorxalgord
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps security engineers and penetration testers identify and analyze protocol-level vulnerabilities in SAML authentication flows, including malformed assertions, metadata weaknesses, and binding-specific weaknesses, enabling authorized validation and remediation of SAML deployments.
Core Features & Use Cases
- Flow Analysis: Decode and inspect SP-initiated and IdP-initiated SAMLRequest and SAMLResponse payloads to verify InResponseTo, assertion conditions, and signature placement.
- Metadata & Certificate Extraction: Extract and analyze SP/IdP metadata to find exposed ACS endpoints, signing certificates, and entity IDs useful for golden SAML assessments or misconfiguration checks.
- Binding-Specific Testing: Differentiate testing approaches for HTTP-POST and HTTP-Redirect bindings including deflate/base64 decoding and injection surfaces.
- Use Case: During an authorized penetration test, use this Skill to decode a captured SAMLResponse, validate its signature and timestamps, and enumerate metadata for missing protections or exploitable endpoints.
Quick Start
Analyze the provided SAMLResponse and SP/IdP metadata and list any assertion signature issues, missing InResponseTo checks, or binding-specific misconfigurations that could be exploited.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: saml Download link: https://github.com/xalgord/xalgorix/archive/main.zip#saml Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.