• Resolved mattspierce

    (@mattspierce)


    I appreciate the MFA capabilities for securing the administrator login page. I would like to have an option to define an OAUTH or SP-initiated SAML sign-in with my current IDP. This reduces the management of auth factors and improves log correlation. Is this a feature you are considering?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hey @mattspierce,

    I’m not aware of any plans to implement these at this time. However, I’ll share this with developers for their thoughts.

    It’s worth mentioning that after a little looking around this doesn’t seem to be the most secure method for login protection due to the possibility of man-in-the-middle attacks. But, I will share this with the developers for their thoughts.

    Thanks,

    Gerroald

    Thread Starter mattspierce

    (@mattspierce)

    Thanks for the consideration. The MIM considerations are primarily with IDP-initiated SAML vs SP-initiated SAML. Also, if an attacker is in position to MIM the authentication they either have the browser, or can decrypt TLS at the IDP. In either case you're turning on sprinklers after the roof burned up. It's up to the sysadmin to implement appropriate risk-based monitoring and MFA at the IDP to protect the user auth exchange. So when done well it's more secure because of visibility, correlation, and response. Done wrong it's got its issues.

  • The topic ‘OAUTH/SAML Login for Wordfence’ is closed to new replies.