Golden SAML.

An identity-attack technique that steals a federation IdP's token-signing private key (typically from AD FS) and forges arbitrary SAML responses, granting persistent, MFA-bypassing access to any federated service. It belongs to the Identity & Access category of cybersecurity.

An identity-attack technique that steals a federation IdP's token-signing private key (typically from AD FS) and forges arbitrary SAML responses, granting persistent, MFA-bypassing access to any federated service.

Golden SAML was disclosed by CyberArk Labs in 2017 and shot to prominence as a documented technique used in the 2020 SolarWinds-Sunburst intrusions. The attack assumes a federated identity model: an on-premises identity provider (most often Microsoft AD FS) signs SAML responses with a private token-signing key whose public counterpart is trusted by every relying party — Microsoft 365, AWS, Salesforce, Workday, and so on. An attacker who reaches AD FS with sufficient privilege (Domain Admin, AD FS service account) can extract that private key and then sign SAML responses for any user, any group memberships, with no need to log in to the IdP at all. Because the resulting tokens are cryptographically valid, MFA prompts, password resets, and account lockouts are bypassed; revocation requires rotating the token-signing certificate and re-establishing trust with every relying party. Defensive controls focus on hardening AD FS (HSM-backed signing keys, restricted Tier-0 access, monitoring of `Microsoft-Windows-Security-Auditing` 410/411 events), migrating to cloud-native IdPs (Entra ID with no AD FS), and detecting anomalous SAML assertions at relying parties (e.g. impossible NameID claims, unfamiliar issuers, sudden first-seen IPs).

Defences for Golden SAML typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: Golden SAML attack.