Use group for MFA
cantor.2 at osu.edu
Thu May 11 17:38:02 EDT 2017
> The recommended hooks are mostly the example that's checked into
> trunk/master now, and I believe is also in the wiki, which has a fix or two
> from what was shipped last time. It definitely shows the correct way to get
> the username for the attribute lookup, and what you quoted does not.
Specifically the wiki example labeled "Conditional use of two factors, Flow1 and Flow2".
The only thing it doesn't show at the moment is it populating the attribute "recipient" name, which some people want to use in their resolver scripts, but most don't need it.
The only "trick" is the aforementioned username. That is a hard problem, and the example uses the lookup function that is used by default in the Duo flow to obtain the ID so that it's consistent and reliable.