requiring 2FA for an SP
Cantor, Scott
cantor.2 at osu.edu
Tue Oct 4 15:51:25 EDT 2016
> I think this will be fairly trivial to do in 3.3 with the new MFA implementation.
Nothing to do with 3.3 or that implementation.
> In 3.2, you have a variety of unpalatable options unless you can, as Peter
> mentioned, modify the metadata or AuthnRequests to do signaling by
> AuthnContext.
There is no signaling in metadata for this, never has been. The option is the same as always: modify defaultAuthenticationMethods for the relying party and require signed requests. I agreed to look at adding an option in 3.3 to block requesting AuthnContexts to avoid the signed requirement, but the core mechanism is defaultAuthenticationMethods.
-- Scott
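
The per-relying-party override described in the reply above could look like the following in the IdP's relying-party.xml. This is an added example, not configuration from the post or from the Shibboleth project. The entityID `https://sp.example.org/shibboleth` and the `TimeSyncToken` class reference are assumed placeholders, and the class reference has to be one that the deployment's second-factor login flow is configured to support.

```xml
<!-- Added example: goes inside the shibboleth.RelyingPartyOverrides list. -->
<util:list id="shibboleth.RelyingPartyOverrides">

    <!-- Placeholder entityID for the one SP that must get a second factor. -->
    <bean parent="RelyingPartyByName"
          c:relyingPartyIds="https://sp.example.org/shibboleth">
        <property name="profileConfigurations">
            <list>
                <bean parent="SAML2.SSO">
                    <!-- Used when the AuthnRequest carries no RequestedAuthnContext.
                         Placeholder class reference: substitute the one the
                         deployment's 2FA flow lists as a supported principal. -->
                    <property name="defaultAuthenticationMethods">
                        <list>
                            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                                  c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken" />
                        </list>
                    </property>
                </bean>
            </list>
        </property>
    </bean>

</util:list>
```

Because this default is only consulted when the request does not name an AuthnContext itself, the override is paired with the signed-request requirement mentioned in the reply.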