In this Section
Disabling Unused Authentication Protocols
Configuring SSL Communication between Browsers and Identity Server
Configuring SSL Communication with Identity Server and a Service Provider
Securing Authentication by Using Strong and Multi-Factor Authentication Methods
Securing Federation
Configuring a Whitelist of Target URL
Blocking Access to Identity Server Pages
Enabling Advanced Session Assurance
Securing Identity Server Web Service Interface
Enabling reCAPTCHA
Preventing the SWEET32 Attack
Detecting the Brute Force Attack
Restricting the Direct Access to Files in the nidp Folder
Preventing Cross-Site Request Forgery Attacks
Using the Device ID in the URN Cookie
Configuring the Cookie Secure Flag
Default Security Settings in Configuration Files