Pure Azure AD SSO authentication with Silverline
Hi, We're trying to integrate SIlverline with Azure AD but haven't quite got it to work correctly. It appears that Silverline passes the autentication to Azure AD and this does complete successfully but Silverline then simply reports "Could not authenticate you via SAML because "Invalid Token". My guess is we need to map the correct attributes in Azure AD to send back to Silverline in the SAML response but cannot seem to find anything. There is no on-prem AD or AADDS available - it's just pure Azure AD. Has anybody done this and would be able to share what they did.
Does XPath Injection attack signature include XXE in ASM?
In ASM, does XPath injection attack signature include XML External Entity attack? https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing. It is challenging because the attack signatures hyperlink popups a list of attack signatures, but there is no way to find out what exactly is included for each attack. How do we know if ASM is protecting or not?Compression stripped by Silverline
We've recently experienced slowdowns serving web pages, and here's something we've found: Apparently, when traffic passes through the WAF, the WAF strips out the following line: Content-Encoding: gzip. We serve pages compressed with GZIP, but, from what we can see, the WAF strips that compression, severely slowing down the page delivery. Does this make sense to anyone, and is there a way to remediate this issue?
Automatic versus Manual policy building
I try to figure out the pros and cons of automatic,rapid,and manual deployment? Also the staging mode is confusing. I am planning to deploy ASM module in production with transparent mode and ask for more advices. My understanding is automically and rapid build policies itself. I know many people suggest to use automatic but administrator does not need to manually add the rules. I want to see your opinions on accuracy and pros and cons for each option.
The Business value of IP Reflection in Silverline DDOS Protection
Does IP Reflection mean that you can hide for an attacker that you are protećted by a scrubbing center? What would a traceroute reveal? If he knows that he would probably change strategy - run heavy SSL-attack and by observing response times could guess whether or not the scrubbing center has the private key. He could also try to look for the real IP adresses or generate randomized strings in get/post-requests to bypass the center.
IGEL Cloud Gateway and F5 Silverline DDoS Proxy
Does anyone have any experience or setup where they’ve been able place a service such as the IGEL Cloud gateway service behind an F5 Silverline DDoS Proxy? We are finding that the thin clients connect and register with the back-end server, but the F5 is then terminating the websocket connection that the ICG Agent on the Thin Client is expecting to always be active for as long as the Thin Client is switched on. We understand that the backend server sends websocket keepalive packets, but don’t think these are getting back to the Thin Clients. We currently have had F5 support looking into this and tried a Full Proxy with custom iRule, but this broke the service completely as the IGEL service doesn’t support any form of SSL inspection/offloading as they only support SSL Bridge Mode.
