Forum Discussion
- youssef1 (Cumulonimbus)
Hi,
In fact, you can protect the SAML part, but only the authentication part (Form, NTLM, ...).
But if you are talking about brute force using SAML request/response, it's not a real brute force because the signature should validate against a key. You should have a corresponding key for any entity that you are exchanging data with. Unauthorized entities will not have keys, and the keyspace of any widely-accepted good cryptography protocol will make brute-forcing impossible (SAML will allow you to verify that the response was generated by a trusted source)...
Regarding OAuth, it works on pretty much the same principle...
Hope it's clear.
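
The trust check described in the reply above, as an added example that is not part of the original post: a receiver keeps one public key per entity it exchanges data with and accepts a response only if the signature verifies against the key registered for the claimed issuer. The entity IDs, the trust store and the sample assertion are constructed, and the signature is computed over the raw assertion bytes rather than over a canonicalized XML element as real SAML (XML-DSig) does.

```javascript
const crypto = require('node:crypto');

// Constructed key pairs: one for a trusted IdP, one for a party we never registered.
const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const trustedIdp = newKey();
const outsider = newKey();

// Trust store: entity ID -> public key exchanged out of band (hypothetical entity ID).
const TRUSTED_ISSUER = 'https://idp.example.test';
const trustStore = new Map([[TRUSTED_ISSUER, trustedIdp.publicKey]]);

// Simplification: sign the raw bytes. Real SAML signs canonicalized XML,
// but the trust decision (which key may vouch for which issuer) is the same.
function signResponse(issuer, assertion, privateKey) {
  const signature = crypto.sign('sha256', Buffer.from(assertion), privateKey);
  return { issuer, assertion, signature };
}

function validateResponse(resp) {
  const key = trustStore.get(resp.issuer);
  if (!key) return 'rejected: unknown issuer';
  const ok = crypto.verify('sha256', Buffer.from(resp.assertion), key, resp.signature);
  return ok ? 'accepted' : 'rejected: bad signature';
}

function runDemo() {
  const assertion = '<Assertion><NameID>alice</NameID></Assertion>';
  const genuine = signResponse(TRUSTED_ISSUER, assertion, trustedIdp.privateKey);
  // Claims the trusted issuer, but was signed with a key the receiver never registered.
  const forged = signResponse(TRUSTED_ISSUER, assertion, outsider.privateKey);
  // Genuine signature, content altered after signing.
  const tampered = { ...genuine, assertion: assertion.replace('alice', 'admin') };
  // Correctly signed, but by an entity that is not in the trust store at all.
  const unknown = signResponse('https://other.example.test', assertion, outsider.privateKey);
  return {
    genuine: validateResponse(genuine),
    forged: validateResponse(forged),
    tampered: validateResponse(tampered),
    unknown: validateResponse(unknown),
  };
}

console.log(runDemo());
```
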