Penetration test of a single sign-on solution