wire-server icon indicating copy to clipboard operation
wire-server copied to clipboard

Published 20 hours ago • verified publisher icon wireapp

sign SAML auth requests

Open orandev opened this issue 4 years ago • 6 comments

Hello, There is no signing cert in Wire SAML metadata file. Would it be possible for you to implement the signing of SAML authentication requests please?

orandev avatar May 25 '20 13:05 orandev

It's certainly possible, but when we designed the library we found that it doesn't add significant security. Do you have any evidence to the contrary?

fisx avatar May 25 '20 13:05 fisx

We would like that feature in order to restrict SAML Authentication requests arriving on our IdP to requests originating from a trusted relying party only.

orandev avatar May 25 '20 13:05 orandev

Yes, I understand that, but why?

From my (still limited) understanding, the power of an adversary to request authentication responses does not lead to any dangerous attacks. The attacker still needs to have credentials from a legitimate user that is to be attacked in order to authenticate against the IdP, and can only use the response for a few minutes, and only against the wire team the IdP thinks it sends it to.

(I'm not trying to be difficult, it's just that easiest way to get this into the feature pipeline is a cryptographic reason.)

fisx avatar May 25 '20 14:05 fisx

It can lead to bruteforce attacks. If signing is in place, the IdP won't even attempt to authenticate the login/password if the request is not correctly signed.

orandev avatar May 25 '20 14:05 orandev

Brute force should be prevented by throttling on the IdP side, but you do have a point in that it's always better to have two counter-measures than one.

I will bring it up and we'll get back to you.

fisx avatar May 25 '20 15:05 fisx

Hello Do you have any news on that subject?

orandev avatar Jun 08 '20 15:06 orandev