Forum Discussion

JQUINONES82NB
May 01, 2019

ASM SAML/OAUTH Brute force login protection in the future???

Can the ASM provide brute force protection for SAML- or OAuth-based web applications?

 

At the moment it supports form-based, basic auth and NTLM.

 

Is there a road map for this?

 

1 Reply

  • Hi,

     

    In fact, you can protect the SAML part, but only the authentication part (form, NTLM, ...).

     

    But if you are talking about brute force using SAML request/response, it's not a real brute force, because the signature should validate against a key. You should have a corresponding key for any entity that you are exchanging data with. Unauthorized entities will not have keys, and the keyspace of any widely-accepted good cryptography protocol will make brute-forcing impossible (SAML will allow you to verify that the response was generated by a trusted source)...

     

    Regarding OAuth, it works on pretty much the same principle...

     

    Hope it's clear.
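The trust decision the reply describes, shown as an added example that is not part of the original thread and not F5 or ASM code: a hypothetical, minimal SAML Service Provider holds one verification key per federated IdP entityID, and an attacker who has no key for a trusted entityID cannot produce a response that verifies, whether they sign with their own key, claim an unknown issuer, reuse a genuine signature over a modified assertion, or simply try random signatures. Real SAML signs with XML-DSig; this model signs the raw assertion bytes with RSA PKCS#1 v1.5 over SHA-256, which is the same key-based check. The entityIDs, assertion text and key sizes are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServiceProvider (hypothetical, simplified): the SP trust store, keyed by the
// entityID of each IdP whose metadata (and therefore signing key) was imported.
type ServiceProvider struct {
	trusted map[string]*rsa.PublicKey
}

// Response keeps only the parts of a SAML Response that matter for this check.
type Response struct {
	Issuer    string // IdP entityID the response claims to come from
	Assertion []byte // signed payload (real SAML: the XML assertion)
	Signature []byte
}

var (
	ErrUntrustedIssuer = errors.New("issuer has no registered verification key")
	ErrBadSignature    = errors.New("signature does not verify under the issuer's key")
)

// Verify accepts a response only if the claimed issuer is a known federation
// partner and the signature checks out under that partner's key.
func (sp *ServiceProvider) Verify(r Response) error {
	pub, ok := sp.trusted[r.Issuer]
	if !ok {
		return ErrUntrustedIssuer
	}
	digest := sha256.Sum256(r.Assertion)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], r.Signature); err != nil {
		return ErrBadSignature
	}
	return nil
}

// SignResponse is the IdP side: sign an assertion with the IdP's private key.
func SignResponse(priv *rsa.PrivateKey, issuer string, assertion []byte) (Response, error) {
	digest := sha256.Sum256(assertion)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Response{}, err
	}
	return Response{Issuer: issuer, Assertion: assertion, Signature: sig}, nil
}

// ScenarioResult collects the SP's verdict for the genuine flow and each attack.
type ScenarioResult struct {
	Genuine, UnknownIdP, WrongKey, Tampered error
	GuessesTried, GuessesHit              int
}

// RunScenario plays one genuine login and four attacker attempts against the SP.
func RunScenario(guesses int) (ScenarioResult, error) {
	var res ScenarioResult
	idpKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return res, err
	}
	attackerKey, err := rsa.GenerateKey(rand.Reader, 2048) // never imported by the SP
	if err != nil {
		return res, err
	}
	const idp = "https://idp.example.org/metadata" // constructed entityID
	sp := &ServiceProvider{trusted: map[string]*rsa.PublicKey{idp: &idpKey.PublicKey}}

	assertion := []byte(`<Assertion><Subject>alice</Subject></Assertion>`) // constructed sample
	genuine, err := SignResponse(idpKey, idp, assertion)
	if err != nil {
		return res, err
	}
	res.Genuine = sp.Verify(genuine) // nil: trusted issuer, valid signature

	// Unknown entity: a well-formed signature from a party the SP has no key for.
	unknown, _ := SignResponse(attackerKey, "https://evil.example.net", assertion)
	res.UnknownIdP = sp.Verify(unknown)

	// Impersonation: claim the trusted entityID but sign with the attacker's key.
	wrongKey, _ := SignResponse(attackerKey, idp, assertion)
	res.WrongKey = sp.Verify(wrongKey)

	// Tampering: reuse the genuine signature over a modified assertion.
	tampered := genuine
	tampered.Assertion = []byte(`<Assertion><Subject>admin</Subject></Assertion>`)
	res.Tampered = sp.Verify(tampered)

	// "Brute force": random signatures of the right length; none verifies.
	sig := make([]byte, idpKey.Size())
	for i := 0; i < guesses; i++ {
		if _, err := rand.Read(sig); err != nil {
			return res, err
		}
		if sp.Verify(Response{Issuer: idp, Assertion: assertion, Signature: sig}) == nil {
			res.GuessesHit++
		}
	}
	res.GuessesTried = guesses
	return res, nil
}

func main() {
	res, err := RunScenario(1000)
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine: %v\nunknown IdP: %v\nwrong key: %v\ntampered: %v\nguesses hit: %d of %d\n",
		res.Genuine, res.UnknownIdP, res.WrongKey, res.Tampered, res.GuessesHit, res.GuessesTried)
}
```

The only place an attacker can actually guess credentials in this flow is the IdP's own login form, before any assertion is signed, which is where the form-based brute force protection the reply mentions applies; once the IdP has signed the assertion, the SP's check is a key lookup plus a signature verification, not a comparison an attacker can iterate over.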