Forum Discussion

Nimbostratus

May 01, 2019

ASM SAML/OAUTH Brute force login protection in the future???

Can the ASM provide brute force protection for SAML or OAUTH based web applications? At the moment it supports form based, basic auth and NTLM. Is there a road map for this?

Cumulonimbus

May 01, 2019

Hi,

In fact you can protect SAML Part but only authentication part (Form, ntlm ...).

But if you are talking about brute force using SAML request/response it's not a real brute force because the signature should validate against a key. You should have a corresponding key for any entity that you are exchanging data with. Unauthorized entities will not have keys, and the keyspace of any widely-accepted good cryptography protocol will make brute-forcing impossible (SAML will allow you to verify that the response was generated by a trusted source)...

Regarding oauth it works pretty much in the same principle...

Hope it's clear.

Forum Discussion

ASM SAML/OAUTH Brute force login protection in the future???

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Securing Generative AI: Defending the Future of Innovation and Creativity

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

Managing NGINX App Protect WAF for Beginners