Application scanning behind SSO

klewis · August 1, 2022, 7:19pm

Greetings
I was wondering if anyone has scanned an application that is public facing but profiles are authenticated through SAML single sign on?
I’ve tried a few different authentication methods but none have been able to get past the SSO portal in front of the application

Any guidance or advice would be appreciated.

matt_pardo_r7 · September 7, 2022, 2:54pm

We have found that using traffic works if there isn’t a nonce in the process. If there is, then it can work for a while. I would go with macro or selenium otherwise.