more mfa scripting logic

Mathis, Bradley bmathis at
Mon Feb 5 13:57:49 EST 2018

Howdy all,

I'm successfully using mfa logic to send specific users to Duo
Authentication, thanks to the samples/documentation/wiki and postings from
users here on users at
I'm now adding another piece of mfa logic to the mfa-authn-config.xml
checksecondfactore inline script.

Prior to checking for specific user attributes I'm now first checking the
RelyingPartyId to see if   Duo is needed.   I'm able to do this
successfully after stealing some example logic that Andrew Morgan posted
..Thanks Andrew!

This is an excerpt from my mfa-authn-config.xml

               rpid =
            if (rpid.equals(""))
                nextFlow = "authn/Duo";

The above works if I add an if statement for every RelyingPartyId
separately.  I was hoping I might be able to use a regular expression and
do a pattern match or something like that (my terminology is probably
wrong). I'm not a programmer.


Let's say I have multiple RelyingPartyIds like this
rather than creating an if statement for each one I would like to do a
pattern match up against something like this


and if it's true then set the nextFlow = "authn/Duo"

Anyone one have a sample I can hack at?  If not no worries I'm very happy
with my success so far and can probably live with adding each one


Brad Mathis
Principal Systems Analyst
Pima Community College
IT - Technical Services
bmathis at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list