Forum Discussion
youssef1
May 01, 2019
Hi,
In fact, you can protect the SAML part, but only the authentication part (Form, NTLM ...).
But if you are talking about brute force using SAML request/response, it's not a real brute force because the signature should validate against a key. You should have a corresponding key for any entity that you are exchanging data with. Unauthorized entities will not have keys, and the keyspace of any widely-accepted good cryptography protocol will make brute-forcing impossible (SAML will allow you to verify that the response was generated by a trusted source)...
Regarding OAuth, it works on pretty much the same principle...
Hope it's clear.