Single Sign-On Pentest

Protect Your Users & Applications

What are the entry points for attackers associated with Single Sign-On?

Nowadays, an increasing number of applications rely on the Single Sign-On (SSO) for user authentication. The procedure enables users to log in to multiple applications via a trusted provider (identity provider), such as Google or Facebook. Solutions based on well-known standards such as OpenID Connect 1.0, OAuth 2.0 or SAML are frequently used for this purpose. Thus, the login data is not stored by the actual application (service provider), but only by the identity provider.

This authentication method is already widespread in private life, but it is also being increasingly used in the corporate context and has become an essential component of identity and access management in companies and software solutions. Misconfigurations or weaknesses in the implemented solution can have serious consequences, including the loss of confidentiality, integrity and availability of application and user data.

During our pentest, our security analysts comprehensively check your SSO solution for these vulnerabilities so that you can subsequently fix them.

Common single sign-on vulnerabilities include:

  • Lack of validation during forwarding after successful login
  • Extension of user rights due to lack of access controls
  • Use of weak JWT secrets
  • Use of outdated and insecure Authentication and Authorization flows

What is our approach to Single Sign-On Pentests?

Our pentests are conducted according to a standardized approach,  which is enhanced by specific aspects for single sign-on pentests:

Each SSO solution arises from the interaction between service provider and identity provider. Hence, an in-depth analysis of your SSO solution requires a profound understanding of the application and the underlying SSO standard. The initial basis of our pentest are the test accounts provided for various roles, which give our security analysts access to the application and thus enable the analysis of the authentication and authorization flow. Our security analysts perform a comprehensive review of your SSO solution for potential vulnerabilities and compliance with best practices, such as the OAuth 2.0 Security Best Current Practice.

What checks are included during the Single Sign-On Pentest?

The following checks are carried out during Single Sign-On Pentests:

  • Authentication process in compliance with all security best practices
  • Identification of exposed sensitive data within the token, URL, or application
  • Analysis of the interaction between users, identity providers and service providers
  • Misconfiguration when using off-the-shelf software such as Keycloak or AWS Cognito
  • Search for known vulnerabilities
  • Exploitation of identified vulnerabilities using available or customized exploits (as agreed)
  • Verification of signature validation for JWTs and SAML

The Single Sign-On method holds opportunities but also many risks. For a better understanding of the authentication method, we offer optional training courses on Single Sign-On (SSO). Here we provide you with the basics and best practices. During the one-day workshop, participants configure an identity provider, create an application and learn how to link the two as securely as possible.

Are your systems protected against hackers?

We would be happy to advise you on your options for having your Single Sign-On solution checked by our security analysts. Just get in touch with us.

More Insights

Pentest: Our standardized approach

Pentest: Your benefits at a glance

Single Sign-on: Usage. Risks. Tips for more Security



Please contact us with any questions or queries.


Phone: +49 6102 8631-190
Contact Form


Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE