wireapp / wire-server

🇪🇺 Wire back-end services
https://wire.com
GNU Affero General Public License v3.0

sign SAML auth requests #1112

Open orandev opened 4 years ago

orandev commented 4 years ago

Hello, there is no signing cert in the Wire SAML metadata file. Would it be possible for you to implement the signing of SAML authentication requests, please?

fisx commented 4 years ago

It's certainly possible, but when we designed the library we found that it doesn't add significant security. Do you have any evidence to the contrary?

orandev commented 4 years ago

We would like that feature in order to restrict SAML Authentication requests arriving on our IdP to requests originating from a trusted relying party only.

fisx commented 4 years ago

Yes, I understand that, but why?

From my (still limited) understanding, the power of an adversary to request authentication responses does not lead to any dangerous attacks. The attacker still needs to have credentials from a legitimate user that is to be attacked in order to authenticate against the IdP, and can only use the response for a few minutes, and only against the wire team the IdP thinks it sends it to.

(I'm not trying to be difficult, it's just that the easiest way to get this into the feature pipeline is a cryptographic reason.)

orandev commented 4 years ago

It can lead to brute-force attacks. If signing is in place, the IdP won't even attempt to authenticate the login/password if the request is not correctly signed.

fisx commented 4 years ago

Brute force should be prevented by throttling on the IdP side, but you do have a point in that it's always better to have two counter-measures than one.

I will bring it up and we'll get back to you.

orandev commented 4 years ago

Hello, do you have any news on that subject?