[EXT] Learning to develop an IDP extension

Cantor, Scott cantor.2 at osu.edu
Tue Mar 27 17:52:03 EDT 2018

On 3/27/18, 5:46 PM, "users on behalf of Yeargan, Yancey" <users-bounces at shibboleth.net on behalf of Yancey.Yeargan at untsystem.edu> wrote:

> At this time, I expect it to be second-factor only; though I would be foolish to not anticipate scope creep in the future.

It's not a scope matter, it's a "this is what you must do and not do other things" issue. You will end up with a mess and it will be broken if you try and do more than just what it's required to do. The first factor is not the job of that flow.

The contrast is RSA SecurID, which is actually MFA, in one token. It can only be done by supplying both factors at once to the RSA library and so it's implemented in one flow. It's one system handling both factors so it's one flow.

Most "MFA" solutions today are not MFA, so the new flow's job is not MFA, it's to implement the new factor. The IdP's MFA flow is what ties them together, not your extension.

-- Scott
