By NHI Mgmt Group Editorial Team
Published 2026-02-04
Domain: Governance & Risk
Source: Obsidian Security

TL;DR: SSO bypass attacks let attackers authenticate without passwords or MFA by forging SAML tokens, abusing signature validation flaws, or hijacking federated trust chains, according to Obsidian Security. The central lesson is that centralized authentication can concentrate risk when post-authentication behavior and fallback paths are not monitored.


At a glance

What this is: This is an analysis of how attackers bypass single sign-on through Golden SAML, token forgery, and related trust-chain weaknesses.

Why it matters: It matters because federated authentication can become a single point of failure for every connected application if validation, session governance, and behavioral detection are weak.



Context

Single sign-on reduces friction, but it also creates a concentrated trust layer for identity and access management. When SSO bypass succeeds, the attacker is not breaking into one application, but stepping around the controls that were meant to protect many systems at once. That changes the governance problem from simple authentication hygiene to NHI session trust, token validation, and post-authentication oversight.

The core IAM issue is that federated access often assumes the identity provider remains authoritative and the service provider remains obedient. Golden SAML, signature wrapping, token replay, and misconfiguration abuse all exploit the space between those assumptions. For teams managing NHI and application access, that is a familiar pattern: centralized trust is efficient, but only if every downstream control stays verifiable.

The article's starting position is typical for enterprise environments that have broadly adopted SSO and now need to harden the trust chain rather than redesign access from scratch.


Key questions

Q: How should security teams reduce the risk of SSO bypass attacks?

A: Start with the trust chain, not the login page. Enforce strict SAML and OIDC validation, protect signing keys, remove legacy authentication paths, and monitor post-authentication behaviour. If attackers can forge or replay a token, your main control becomes detection and rapid revocation, not password strength.

Q: Why are Golden SAML attacks so difficult to detect?

A: Golden SAML attacks are hard to detect because they do not create a failed login event. The attacker forges a token that downstream services accept as legitimate, so the identity provider never sees the authentication attempt. Defenders must look for abnormal access patterns after the session begins.

Q: What is the difference between SSO bypass and credential theft?

A: Credential theft compromises the secret used to log in, while SSO bypass attacks the trust mechanism that proves login happened at all. With bypass, an attacker can create or replay an assertion or token that applications accept without ever touching the user's password or MFA prompt.

Q: When should organisations treat an SSO issue as a federation-wide incident?

A: Treat it as federation-wide when signing keys, identity provider admin access, or token issuance logic may be exposed. At that point, one compromise can affect every relying party connected to the provider. Resetting one application is not enough if the trust source itself is suspect.


Technical breakdown

Golden SAML and forged assertions

Golden SAML works when an attacker obtains the identity provider's signing key and uses it to create SAML assertions that service providers accept as genuine. The problem is not password theft but trust subversion: the signature validates, the token looks legitimate, and the application never sees a failed login. Because the identity provider is bypassed entirely, the usual authentication telemetry never fires. That makes SAML one of the highest-risk federated mechanisms when certificate protection is weak or administrative systems are exposed.

Practical implication: Protect signing keys as crown-jewel secrets and treat identity provider compromise as a full-federation incident.
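Because a forged assertion leaves no issuance record at the identity provider, one detection that does not depend on failed logins is to reconcile what relying parties accepted against what the IdP actually signed. The following is an added example, not Obsidian Security's or NHIMG's code; the two log shapes, their field names, the user and application names and the five-minute skew are constructed assumptions.

```python
# Added example, not Obsidian Security's or NHIMG's code: reconcile assertions
# accepted by relying parties against assertions the IdP actually issued. A
# forged assertion has no issuance record, so it surfaces here rather than as
# a failed login. Log shapes and field names are constructed for the demo.
from datetime import datetime, timedelta

def ts(s):
    return datetime.fromisoformat(s)

# Constructed IdP issuance log: one row per assertion the IdP signed.
IDP_ISSUED = [
    {"assertion_id": "_a1", "user": "alice", "issued": "2026-02-04T10:00:00"},
    {"assertion_id": "_a2", "user": "bob",   "issued": "2026-02-04T10:01:00"},
]
# Constructed SP access log: one row per assertion a relying party accepted.
SP_ACCEPTED = [
    {"assertion_id": "_a1", "user": "alice", "app": "crm",  "seen": "2026-02-04T10:00:05"},
    {"assertion_id": "_a2", "user": "bob",   "app": "wiki", "seen": "2026-02-04T10:01:03"},
    {"assertion_id": "_a2", "user": "bob",   "app": "wiki", "seen": "2026-02-04T10:20:00"},
    {"assertion_id": "_z9", "user": "admin", "app": "hr",   "seen": "2026-02-04T10:03:00"},
]

def reconcile(issued, accepted, max_skew=timedelta(minutes=5)):
    """Return (assertion_id, app, reason) for every accepted assertion the IdP
    cannot account for: no issuance record (the Golden SAML case, the IdP was
    never involved), a subject that differs from what was issued, or
    acceptance long after issuance (replay beyond the validity window)."""
    by_id = {row["assertion_id"]: row for row in issued}
    findings = []
    for row in accepted:
        src = by_id.get(row["assertion_id"])
        if src is None:
            findings.append((row["assertion_id"], row["app"], "no IdP issuance record"))
        elif src["user"] != row["user"]:
            findings.append((row["assertion_id"], row["app"], "subject differs from issued"))
        elif ts(row["seen"]) - ts(src["issued"]) > max_skew:
            findings.append((row["assertion_id"], row["app"], "accepted after validity window"))
    return findings
```

On the constructed logs the second `_a2` acceptance (19 minutes after issuance) and `_z9` (never issued) are the two rows flagged.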

SAML signature validation and XML wrapping failures

Some SSO bypasses do not require the signing key at all. They exploit parser differences, optional validation logic, or XML signature wrapping, where one part of the assertion is validated while another part is used for access decisions. If the application checks the wrong element, accepts unsigned content, or trusts deprecated algorithms, attackers can make a malformed assertion pass as authentic. This is an implementation failure, not a protocol failure, and it usually persists because testing focuses on happy-path login flows rather than adversarial token structure.

Practical implication: Test SAML and OIDC implementations for strict signature, audience, issuer, and timestamp enforcement.
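To make the "checks the wrong element" failure concrete, the following added example (not Obsidian Security's or NHIMG's code) shows the structural checks a relying party should make before using an assertion: exactly one assertion, a signature that is a direct child of and references that same assertion, and issuer, audience and validity-window enforcement, failing closed on each. It assumes the cryptographic XML-DSig verification is performed by a library on exactly the element this function returns, and the sample response, issuer and audience URLs are constructed.

```python
# Added example, not Obsidian Security's or NHIMG's code. Assumption: the
# cryptographic XML-DSig check is done by a library on exactly the element
# this function returns; only the structural binding and conditions are here.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
NOW = datetime(2026, 2, 4, 10, 2, tzinfo=timezone.utc)  # constructed clock

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def validate_assertion(xml_text, issuer, audience, now=NOW):
    root = ET.fromstring(xml_text)
    found = root.findall(".//saml:Assertion", NS)
    if len(found) != 1:  # a second assertion is the classic wrapping shape
        raise ValueError("expected exactly one Assertion")
    a = found[0]
    sig = a.find("ds:Signature", NS)  # direct child of the assertion we use
    if sig is None:
        raise ValueError("assertion is unsigned")
    ref = sig.find(".//ds:Reference", NS)  # the signed element must be this one
    if ref is None or ref.get("URI") != "#" + (a.get("ID") or ""):
        raise ValueError("signature does not cover this assertion")
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        raise ValueError("unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        raise ValueError("missing validity window")
    if not parse_ts(cond.get("NotBefore")) <= now < parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if audience not in [e.text for e in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("audience mismatch")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    return name_id  # the identity the application may now act on

def sample_response(assertion_id, ref_id, name_id="alice@example.test"):
    """Constructed test document; the signature value is a placeholder."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 xmlns:ds="{NS['ds']}"><saml:Assertion ID="{assertion_id}">
 <saml:Issuer>https://idp.example.test</saml:Issuer><ds:Signature><ds:SignedInfo>
 <ds:Reference URI="#{ref_id}"/></ds:SignedInfo><ds:SignatureValue>x</ds:SignatureValue>
 </ds:Signature><saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2026-02-04T10:00:00Z" NotOnOrAfter="2026-02-04T10:05:00Z">
 <saml:AudienceRestriction><saml:Audience>https://app.example.test</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
```

A response whose signature Reference points at a different ID than the assertion carrying the NameID is rejected before any identity data is read, which is the binding that wrapping attacks rely on being absent.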

OAuth tokens and session persistence beyond SSO

SSO does not end the trust problem once a user is authenticated. OAuth access tokens and refresh tokens can outlive the original session and keep granting access even after the SSO path is blocked. That creates a hidden persistence layer that bypasses central login controls, especially when applications cache tokens or fail to revoke them promptly. For NHI governance, this is the same class of issue seen with long-lived secrets: the control plane says access is closed, but bearer credentials still work.

Practical implication: Inventory token lifetimes, revocation behavior, and fallback authentication paths across every connected application.


Threat narrative

Attacker objective: The attacker wants durable, cross-application access that looks legitimate to downstream services while avoiding the identity provider's normal checks.

  1. Entry occurs through compromise of the identity provider, weak SAML validation, or theft of a signing certificate or session token.
  2. Escalation happens when the attacker forges assertions or replays tokens that downstream applications accept as valid.
  3. Impact is broad access across connected applications without triggering the normal authentication failure signals.



NHI Mgmt Group analysis

The real problem is not SSO itself, but the trust debt created when every application inherits the same authentication assumption. Centralization lowers user friction, but it also concentrates failure into a single federation layer. When that layer accepts forged or replayed identity artifacts, the whole application estate inherits the compromise. Practitioners should treat federated trust as a governance control that needs continuous verification, not a one-time deployment decision.

Golden SAML is a named example of identity blast radius. Once the signing key or equivalent trust material is exposed, one compromise can impersonate any user to any relying party. That is structurally different from password theft, which is usually narrower and noisier. The implication for NHI security is clear: the value of the trust artifact matters as much as the account behind it, and certificate protection must be designed accordingly.

SSO bypass exposes the limits of authentication-centric monitoring. If the attack never produces a failed login, then alerting that depends on authentication errors is already too late. Behavioural detection, token lifecycle controls, and post-authentication anomaly review become the primary defensive layer. Teams that still equate identity security with login success rates are missing the real control gap.

Legacy fallback paths often matter as much as the primary SSO flow. Emergency accounts, unmanaged local authentication, and older protocols create alternate doors that bypass federation controls altogether. Those paths are usually justified as resilience measures, but they become governance liabilities when they are not monitored and periodically tested. Practitioners should assume any unreviewed bypass path will eventually be used as an attack path.

SSO security for NHI and human identities now converges on the same principle: every bearer credential needs lifecycle control. Tokens, certificates, and delegated sessions should be governed with the same discipline applied to privileged NHI secrets. The lesson is not to abandon SSO, but to stop treating federation as a substitute for identity governance.

From our research:

  • 64% of valid secrets leaked in 2022 are still valid and exploitable today, proving that detection alone is not enough without automated revocation, according to The State of Secrets Sprawl 2026.
  • AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers.
  • For a broader governance lens, Top 10 NHI Issues helps teams prioritise the identity controls most likely to fail under token and secret sprawl.

What this signals

Identity trust has become a blast-radius problem, not just an authentication problem. When one signing key or bearer token can unlock every connected application, SSO becomes a force multiplier for both defenders and attackers. For programmes managing NHI and human identities together, that means lifecycle control, revocation speed, and alerting around anomalous post-authentication activity must be treated as core control objectives. The relevant lens is OWASP NHI Top 10, because trust abuse and token misuse are converging across identity types.

With 64% of valid secrets leaked in 2022 still exploitable today, stale credentials are already a governance failure mode. That finding is directly relevant to SSO bypass because forged or replayed tokens behave like secrets with a longer-than-intended life. The practical lesson is to shorten trust windows, test revocation, and verify that downstream applications actually honour upstream disablement.

Teams should expect more attacks against the edges of federation, not just the core IdP. Legacy protocols, fallback accounts, and application-specific session handling will keep creating bypass opportunities even when the central SSO platform is well managed. For practitioners, the next step is to align SSO review cycles with NIST Cybersecurity Framework 2.0 functions for protect, detect, respond, and recover, then map where trust is still implicit.


For practitioners

  • Audit every SSO bypass path: Map identity provider compromises, legacy protocols, emergency accounts, and application-specific auth fallbacks so you know where federation is not the only door. Prioritise paths that never pass through central logging or conditional access enforcement.
  • Harden SAML and OIDC validation: Enforce signature checks, issuer and audience validation, timestamp limits, and modern cryptography on every relying party. Fail closed if assertions are unsigned, malformed, or issued outside policy.
  • Treat signing certificates as high-value secrets: Store IdP signing keys in tightly controlled infrastructure, monitor all administrative access, and rotate credentials after any suspected compromise. A stolen signing key turns a single compromise into federation-wide impersonation.
  • Build detection around post-authentication behaviour: Alert on unusual application access, impossible travel, bulk data access, and session patterns that do not match a user's historical behaviour. Forged assertions often look normal at login and abnormal only after access begins.
  • Review token lifetimes and revocation: Shorten refresh token lifetimes where possible, verify revocation actually propagates, and confirm that application sessions terminate when the upstream identity is blocked. Bearer tokens that survive policy changes extend attacker dwell time.

Key takeaways

  • SSO bypass turns centralized authentication into a concentrated failure domain when trust artifacts are stolen, forged, or misvalidated.
  • Behavioural detection matters because successful bypasses often produce clean login logs and only become visible after access begins.
  • Practitioners should focus on token lifecycle control, strict validation, and elimination of fallback paths that escape federation governance.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Token and assertion misuse map directly to credential lifecycle risk.
NIST CSF 2.0 | PR.AC-4 | Federated access control and least privilege are central to SSO governance.
NIST Zero Trust (SP 800-207) | PR.AC-1 | Continuous verification is needed when the trust chain can be bypassed.

Require continuous authentication checks and session validation rather than one-time login trust.


Key terms

  • Golden SAML: Golden SAML is an attack in which an adversary obtains the SAML signing key or equivalent trust material and forges assertions that service providers accept as legitimate. It bypasses the identity provider's normal authentication flow and can impersonate any user across federated applications.
  • SAML signature wrapping: SAML signature wrapping is an XML manipulation technique where one element is validated by the signature check while a different element is used by the application for access decisions. The result is a token that appears valid to the service provider but carries attacker-controlled identity data.
  • Federated trust chain: A federated trust chain is the set of assumptions linking the identity provider, the assertion or token, and the service provider. In practice, it means downstream applications trust upstream authentication events, so a single weak link can undermine the entire access model.

Deepen your knowledge

SSO bypass, token validation, and identity trust-chain governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme is already managing federated access at scale, it is worth exploring.

This post draws on content published by Obsidian Security: SSO Bypass and Golden SAML token forgery. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-02-04.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org