diff --git a/README.md b/README.md
index 8c35b7727558ccd00c45095a3b6e1c209adc5e64..d3e8cf5918665e6c01b43e93e19ec38b0643fda6 100644
--- a/README.md
+++ b/README.md
@@ -38,14 +38,14 @@ Then you need to connect SPs to the conformance IdP (exchange metadata), so that
 Run against one target:
 
 ```sh
-nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
+nuclei --headless -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
     -duc -ms -t nuclei-templates/ -nmhe -lna -dka 30 -dt 30
 ```
 
 or using docker:
 
 ```sh
-docker run --rm -v ./:/app/ projectdiscovery/nuclei -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
+docker run --rm -v ./:/app/ projectdiscovery/nuclei --headless -u ACS_URL_HERE -V "ENTITY_ID=ENTITY_ID_HERE" -V "AUTHORIZATION=AUTHORIZATION_HERE" \
     -duc -ms -t /app/nuclei-templates/ -nmhe -lna -dka 30 -dt 30
 ```
 
diff --git a/nuclei-templates/saml-headless.yaml b/nuclei-templates/saml-headless.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4cb596a2f578d7d4c66fdce444ab4a17e8128278
--- /dev/null
+++ b/nuclei-templates/saml-headless.yaml
@@ -0,0 +1,71 @@
+id: saml-headless-all
+info:
+  name: SAML signature validation
+  author: T&I Incubator, GÉANT
+  severity: high
+  tags: saml,headless
+variables:
+  AUTHORIZATION: "Bearer abcd...789"
+  CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org
+  RESULT_OUTPUT_DIR: ""
+  FILENAME: '{{date_time("%Y-%M-%D_%H-%m-%s")}}-{{replace_regex(BaseURL,"(\\W+)","_")}}'
+  TEST_CASES:
+    - noSignature
+    - invalidSignature
+  TEST_CASE: standardResponse # default
+
+# first test standard response, then each test case
+flow: |
+  headless();
+  set("VALID_STATUS_CODE", template["http_status_code"]);
+  set("VALID_BODY", template["http_body"]);
+  for (let testcase of iterate(template["TEST_CASES"])) {
+    set("TEST_CASE", testcase);
+    headless();
+  }
+
+headless:
+  - steps:
+    - action: setheader
+      args:
+        part: request
+        key: Authorization
+        value: "{{AUTHORIZATION}}"
+    - action: navigate
+      args:
+        url: "https://{{CONFORMANCE_IDP_HOSTNAME}}/module.php/conformance/test/setup?testId={{url_encode(TEST_CASE)}}&spEntityId={{url_encode(ENTITY_ID)}}"
+    - action: waitload
+    - action: navigate
+      args:
+        url: "https://{{CONFORMANCE_IDP_HOSTNAME}}/saml2/idp/SSOService.php?spentityid={{url_encode(ENTITY_ID)}}&ConsumerURL={{url_encode(BaseURL)}}"
+    - action: waitload
+    - action: screenshot
+      args:
+        fullpage: "true"
+        mkdir: "true"
+        to: '{{RESULT_OUTPUT_DIR}}{{TEST_CASE}}-{{FILENAME}}'
+    matchers:
+      - type: dsl
+        dsl:
+          # ignore the happy case
+          - '!contains(TEST_CASE, "standardResponse")'
+          # does not work yet, nuclei does not expose the correct values for matchers
+          #- 'status_code == 200 || status_code == 301 || status_code == 302'
+        condition: and
+      # not usable, matches every time
+      #- type: status
+        #status:
+          #- 200
+          #- 301
+          #- 302
+      - type: word
+        part: resp
+        negative: true
+        words:
+          - error
+          - exception
+    matchers-condition: and
+    extractors:
+      - type: dsl
+        dsl:
+          - 'TEST_CASE'
diff --git a/nuclei-templates/saml-raw.yaml b/nuclei-templates/saml-raw.yaml
index 28124b16e67746342d9eaf89b2d01e088701a4e4..8c8adbab144e62ae02bee7d75ba4ce1fd2eccc69 100644
--- a/nuclei-templates/saml-raw.yaml
+++ b/nuclei-templates/saml-raw.yaml
@@ -1,9 +1,9 @@
-id: samlsignaturevalidation
+id: saml-raw-all
 info:
   name: SAML signature validation
   author: T&I Incubator, GÉANT
   severity: high
-  tags: saml
+  tags: saml,raw
 variables:
   AUTHORIZATION: "Bearer abcd...789"
   CONFORMANCE_IDP_HOSTNAME: conformance-idp.maiv1.incubator.geant.org