List: shibboleth-users
Subject: Re: Shibboleth IdP in a WAF
From: "Cantor, Scott via users" <users () shibboleth ! net>
Date: 2024-04-15 12:34:00
Message-ID: 7DA06023-CDF3-49CE-ACDD-8B5C80269E66 () osu ! edu
> Can anyone else share how they are accomplishing this?
The lockout feature inside the IdP, but that's not about DOS protection, which is a
network consideration. You can't do anything about that at the app layer without
spending far more time than makes sense, and there would be other attacks possible
below layer 7 anyway.
> Is there a way to add a response header to indicate when a failure
> occurs?
No, but it's a reasonable request. There probably is a way to hack something in
there based on a custom audit extractor function running for the password flow audit
log.
-- Scott