sign SAML auth requests #1112
Comments
It's certainly possible, but when we designed the library we found that it doesn't add significant security. Do you have any evidence to the contrary?
We would like that feature in order to restrict SAML Authentication requests arriving on our IdP to requests originating from a trusted relying party only.
Yes, I understand that, but why? From my (still limited) understanding, the power of an adversary to request authentication responses does not lead to any dangerous attacks. The attacker still needs to have credentials from a legitimate user that is to be attacked in order to authenticate against the IdP, and can only use the response for a few minutes, and only against the Wire team the IdP thinks it sends it to. (I'm not trying to be difficult, it's just that the easiest way to get this into the feature pipeline is a cryptographic reason.)
It can lead to brute-force attacks.
Brute force should be prevented by throttling on the IdP side, but you do have a point in that it's always better to have two counter-measures than one. I will bring it up and we'll get back to you.
Hello,
There is no signing cert in the Wire SAML metadata file.
Would it be possible for you to implement the signing of SAML authentication requests please?
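For readers of this thread, an added Go sketch (not code from this issue or from the library being discussed) of the IdP-side check that the "trusted relying party only" restriction requested above relies on, using the SAML HTTP-Redirect binding: the SP signs the query string with its key, and the IdP accepts a request only if the signature verifies under the key registered for the issuer the request claims. Assumed for brevity: RSA-SHA256 only, the Issuer value already parsed from the decoded request by the caller, and no RelayState parameter (when present it is part of the signed string).

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"net/url"
)

// SigAlg URI for RSA-SHA256 as carried in the redirect query string.
const sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// signedInput: the exact octets the HTTP-Redirect binding signs (RelayState omitted here).
func signedInput(samlRequest string) string {
	return "SAMLRequest=" + url.QueryEscape(samlRequest) + "&SigAlg=" + url.QueryEscape(sigAlgRSASHA256)
}

// SP side: DEFLATE+base64 the AuthnRequest XML and sign the query string with the SP key.
func SignRedirectRequest(spKey *rsa.PrivateKey, authnXML string) (string, string, error) {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression)
	w.Write([]byte(authnXML))
	w.Close()
	samlRequest := base64.StdEncoding.EncodeToString(buf.Bytes())
	digest := sha256.Sum256([]byte(signedInput(samlRequest)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, spKey, crypto.SHA256, digest[:])
	if err != nil {
		return "", "", err
	}
	return samlRequest, base64.StdEncoding.EncodeToString(sig), nil
}

// IdP side: the verification key is chosen from the IdP's own registry by the issuer the
// request claims (assumed already parsed from its Issuer element), never taken from the request.
func VerifyRedirectRequest(trusted map[string]*rsa.PublicKey, issuer, samlRequest, sigAlg, sigB64 string) error {
	pub, ok := trusted[issuer]
	if !ok || sigAlg != sigAlgRSASHA256 {
		return rsa.ErrVerification // unregistered issuer or unexpected SigAlg
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(signedInput(samlRequest)))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}
```

A request from a party whose key is not in the IdP's registry, or one re-signed by some other key, fails at VerifyRedirectRequest before any user is asked to authenticate.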