Golden SAML
Status: Scaffold — content in progress
ATT&CK: T1606.002 — Forge Web Credentials: SAML Tokens
Platforms: Any SAML 2.0 federation
Severity: Critical
What It Exploits
SAML assertions are signed by the Identity Provider (IdP) with its token-signing private key. The Service Provider (SP) validates that XML signature against the signing certificate published in the IdP's metadata and then trusts whatever the assertion says about the subject. An attacker who obtains the private key can therefore mint assertions for any user, with any attributes, for every SP that trusts the IdP, and the SP has no cryptographic basis for rejecting them: the IdP's authentication controls simply never ran.
This is the federation equivalent of a Kerberos Golden Ticket. No credentials for the target user are needed, and a password reset or an MFA requirement does not help, because those controls are enforced by the IdP before it signs, and here the attacker is doing the signing.
Attack Flow
1. Obtain the IdP's token-signing private key. In ADFS the key lives in the ADFS configuration database (WID or SQL), encrypted with a DKM key stored in an Active Directory container, so the usual path is access to the ADFS server (or its service account) plus a read of the DKM key from AD.
# ADFS: identify the token-signing certificate (public part and thumbprint only; this cmdlet does not export the private key)
Get-AdfsCertificate -CertificateType Token-Signing
# Private key: dump the encrypted key blob from the configuration database and the DKM key from AD (e.g., with ADFSDump), then decrypt
# Or, if the certificate was imported into the machine store with an exportable key, Mimikatz on the ADFS server: crypto::certificates /export
2. Forge a SAML response for the target user (e.g., an account that holds Global Administrator in Entra ID). For Microsoft 365 the subject is identified by UPN and ImmutableID (the base64-encoded AD objectGUID), so those are the values the attacker sets; the role comes from the SP's own directory, not from the assertion.
# Using ADFSpoof (argument names as in its README; verify them against the version you run)
python ADFSpoof.py -c adfs.pfx -p <pfx-password> -s adfs.contoso.com o365 --upn admin@contoso.com --objectguid <target-objectGUID>
# With the raw encrypted key blob and DKM key instead of a PFX: -b <encrypted-pfx-blob> <dkm-key>
3. Present the forged response to the SP (Microsoft 365, Salesforce, AWS console, ...)
# Base64-encode the signed samlp:Response and POST it as the SAMLResponse form parameter to the SP's Assertion Consumer Service URL, either as the reply to an SP-initiated AuthnRequest or as an unsolicited IdP-initiated response
CTI Examples
SUNBURST / SolarWinds supply chain attack (2020) — Attributed to APT29 (Cozy Bear / Midnight Blizzard). Attackers compromised ADFS servers at target organizations to steal SAML signing certificates and forge Golden SAML tokens to access Microsoft 365 environments without triggering MFA.
Evidence label: Observed | Confidence: High | Source reliability: A1
Sources: Microsoft, CrowdStrike, Mandiant, NSA/CISA advisory (corroborated across multiple authoritative reports)
Why It's Catastrophic
- MFA-independent: the IdP signing key produces the entire authentication assertion, so every control the IdP would have enforced before signing is skipped
- Persistence: forged assertions keep validating until the token-signing certificate is rotated and every relying party has picked up the new one; if the ADFS farm is not rebuilt, the attacker can steal the new key the same way
- Scope: every SP that trusts the IdP is compromised, not just the one the attacker first targets
- Low visibility: forged assertions carry a valid signature and a normal structure, so they pass through the SP's validation path exactly like genuine ones
Detection Challenges
- Assertions signed with the legitimate (but stolen) key pass every standard signature and trust check; the SP has nothing cryptographic to reject
- Forged assertions tend to differ in the details the attacker chose rather than the IdP's policy: lifetimes longer than the IdP would issue, unusual NameID formats or claim sets, or unsolicited (IdP-initiated) responses in an environment that only uses SP-initiated flows
- The strongest signal is the gap between the two sides: the SP (e.g., Entra ID sign-in logs) records a federated sign-in for which the IdP has no corresponding issuance event (ADFS security-audit events 1200 "token issued" and 1202 "credential validated"); this requires ADFS auditing to be enabled and both logs to be collected centrally with synchronised clocks
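The correlation described in the last bullet, as a constructed example written for this page (not vendor code and not part of the original scaffold). Record layouts, field names and the 60-minute maximum lifetime are assumptions; real inputs would be ADFS security-audit events and SP sign-in log rows reduced to the same fields.

```python
# Constructed example for this page (not vendor or project code): flag SP-side
# federated sign-ins that the IdP cannot account for, which is the gap a Golden
# SAML token leaves behind. Record formats, field names and the 60-minute
# default lifetime are assumptions; real inputs are ADFS security-audit events
# (1200 = token issued, 1202 = credential validated) and SP sign-in logs.
from datetime import datetime, timedelta, timezone

MAX_TOKEN_LIFETIME = timedelta(minutes=60)   # assumed IdP policy (ADFS default)
CORRELATION_WINDOW = timedelta(minutes=5)    # how far before the SP sign-in to look


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed ADFS audit records: alice authenticated (1202) and got a token (1200).
ADFS_EVENTS = [
    {"event_id": 1202, "time": "2024-03-01T09:00:10Z", "upn": "alice@contoso.com"},
    {"event_id": 1200, "time": "2024-03-01T09:00:11Z", "upn": "alice@contoso.com",
     "relying_party": "urn:federation:MicrosoftOnline"},
]

# Constructed SP-side federated sign-ins, reduced to the assertion fields the check uses.
SP_SIGNINS = [
    # Legitimate: an ADFS 1200 event for the same user precedes it by seconds,
    # the assertion lives 60 minutes and answers an SP-initiated AuthnRequest.
    {"time": "2024-03-01T09:00:13Z", "upn": "alice@contoso.com",
     "not_before": "2024-03-01T09:00:11Z", "not_on_or_after": "2024-03-01T10:00:11Z",
     "in_response_to": "_a1b2c3"},
    # Forged: the IdP never issued anything for admin, the assertion was given
    # a 24-hour lifetime, and it arrived unsolicited.
    {"time": "2024-03-01T23:15:00Z", "upn": "admin@contoso.com",
     "not_before": "2024-03-01T23:14:00Z", "not_on_or_after": "2024-03-02T23:14:00Z",
     "in_response_to": None},
]


def find_golden_saml_candidates(sp_signins, adfs_events,
                                window=CORRELATION_WINDOW,
                                max_lifetime=MAX_TOKEN_LIFETIME,
                                sp_initiated_only=True):
    """Return SP sign-ins that show at least one Golden SAML indicator, with reasons."""
    issuances = [(e["upn"].lower(), parse_ts(e["time"]))
                 for e in adfs_events if e["event_id"] == 1200]
    findings = []
    for s in sp_signins:
        reasons = []
        seen = parse_ts(s["time"])
        upn = s["upn"].lower()
        # 1. Strongest signal: no IdP issuance event explains this sign-in.
        if not any(u == upn and seen - window <= t <= seen for u, t in issuances):
            reasons.append("no ADFS 1200 issuance event for this user in the window")
        # 2. Attacker-chosen lifetime longer than the IdP would ever issue.
        lifetime = parse_ts(s["not_on_or_after"]) - parse_ts(s["not_before"])
        if lifetime > max_lifetime:
            reasons.append(f"assertion lifetime {lifetime} exceeds IdP maximum {max_lifetime}")
        # 3. Weak, environment-dependent signal: unsolicited response where only
        #    SP-initiated flows are expected.
        if sp_initiated_only and not s.get("in_response_to"):
            reasons.append("unsolicited (IdP-initiated) response")
        if reasons:
            findings.append({"upn": s["upn"], "time": s["time"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_golden_saml_candidates(SP_SIGNINS, ADFS_EVENTS):
        print(f["time"], f["upn"], "->", "; ".join(f["reasons"]))
```

The first check is the one that matters: an attacker controls every field inside the assertion, so lifetime and InResponseTo only catch careless forgeries, while the missing issuance event is something the attacker cannot plant without access to the ADFS audit log itself. Correlating on UPN within a short window is deliberately coarse; in production you would also match the relying party and the SP-side request identifier where the logs expose them.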
Mitigations
- Protect ADFS servers as Tier 0 assets (same as DCs): no local logon by non-Tier-0 admins, no shared credentials, dedicated management hosts
- Monitor access to the key material: AD object-access audits (event 4662) on the ADFS DKM container by any principal other than the ADFS service account, and reads of the ADFS configuration database from outside the farm; Microsoft Defender for Identity raises an alert on DKM key reads
- Rotate the token-signing certificate if compromise is suspected; Microsoft's emergency rotation guidance is to rotate twice so the previous certificate is also removed from the secondary slot, then update every relying party
- Entra ID: use cloud-only Global Administrators so the on-premises IdP cannot mint assertions for the highest-privilege accounts, and consider moving authentication off ADFS (cloud authentication with Password Hash Sync) so there is no on-premises signing key to steal
Cross-Links
| Topic | Link |
|---|---|
| SAML Protocol | saml |
| Detection | detect-golden-saml |
| Hybrid Golden SAML Scenario | hybrid-golden-saml |