MFA for Incommom members

Cantor, Scott cantor.2 at
Tue Jul 2 12:47:14 EDT 2019

> Are there any other ways the Endpoint URL can be extracted and used to apply MFA on ?

It's ill-advised; there is no support for applying policy to a request beyond the entityID, to avoid tying yourself to details of a deployment that are in no way assumed to be stable. Those URLs are not "applications" in the sense that you're trying to attach meaning to.

To the extent that it would ever be done, it should be done with RelayState by agreeing to specific values amongst the parties that signal the appropriate things. That's not good, but it's better than relying on the endpoints.

-- Scott

More information about the users mailing list