To add a user to IAM Identity Center
why are we adding users, is because we need to bind permission sets to a logical entity inside aws IAM identity center also. Unless we don't have this logical entity, IAM identity center can't bind permission sets/permission policies to actual users present in Google Workspace. There needs to be one-to-one mapping b/w the logical entities and the actual users. Using ssosync, we can automate the process of user creation.
However, this is not yet supported for Google Workspace custom SAML applications.
this is old
How can this process be exploited? Basically, by passing an arbitrary nested object to the readObject() function, forcing the application to instantiate a chain of POP gadgets that will lead to an RCE.
So this is how gadget chains function, since readObject has to recursively read and instantiate the property. In this process the nested gadgets/classes are also instantiated leading to sink gadget.