We intercepted this SAMLResponse from the Identity Provider.
The flag is hidden inside one of the XML Attributes.
> MISSION: Decode the Base64 string above. Find the "SecretFlag" attribute.