Hey there!
I stuck for a few days on Weak Public/Private Keys section of the Attacking Authentication Mechanisms module 
, still can’t receive the JWT from the response.
I have:
imported pub.crt and private.pem;
changed logged in username value to hackme;
assertions successfully signed
however my request still attempting to redirect me back to the root web directory.
Can someone tell me what have I missed ?
Same here
I had the same problem spent like 3-4 hours trying to figure it out. What worked for me was opening a private window and authenticating to the identity provider and trying the exploit immediately after.
Whenever i authenticated to the identity provider and then logged out and then logged back in automatically and then tried running the exploit it didnt work for me.
So try opening a private window so the idp won’t automatically remember you and log you in and try running the exploit after freshly authenticating to the idp.