MFA for Incommom members
Cantor, Scott
cantor.2 at osu.edu
Tue Jul 2 12:47:14 EDT 2019
> Are there any other ways the Endpoint URL can be extracted and used to apply MFA on ?
It's ill-advised; there is no support for applying policy to a request beyond the entityID, to avoid tying yourself to details of a deployment that are in no way assumed to be stable. Those URLs are not "applications" in the sense that you're trying to attach meaning to.
To the extent that it would ever be done, it should be done with RelayState by agreeing to specific values amongst the parties that signal the appropriate things. That's not good, but it's better than relying on the endpoints.
-- Scott
More information about the users
mailing list