Application scanning behind SSO

I was wondering if anyone has scanned an application that is public facing but profiles are authenticated through SAML single sign on?
I’ve tried a few different authentication methods but none have been able to get past the SSO portal in front of the application

Any guidance or advice would be appreciated.

We have found that using traffic works if there isn’t a nonce in the process. If there is, then it can work for a while. I would go with macro or selenium otherwise.

1 Like