Enforce MFA for federated IDPs

Zunan Dong zunan.dong at utoronto.ca
Fri May 3 14:56:03 EDT 2019

Hi Scott,

https://refeds.org/profile/mfa is an AuthnContextClassRef inserted into SAML Req/Resp. Is there any entity category that ensures a particular IDP supports this Authn Context?

I have found a final report of "Multi-Factor Authentication Inter-operability". It seems like whether to create an entity category for MFA in InCommon is still on pending. Do you have a conclusion for that?


Zunan Dong

Authentication Systems Specialist

Information Security

Information Technology Service

University of Toronto

From: users <users-bounces at shibboleth.net> on behalf of Scott Koranda <skoranda at gmail.com>
Sent: Thursday, 25 April 2019 10:41:27 AM
To: Shib Users
Cc: Jin Fang
Subject: Re: Enforce MFA for federated IDPs

> We have an SP requires MFA for internal users(authenticate against our
> internal IDP). Now we want users from other universities/institutions to
> use this SP through federated IDPs. How do we enforce MFA for those
> IDP/users? Is there a standard that helps the collaboration between SPs
> and IDPs on MFA enforcement(like R&S, SIRTFI)?


Scott K
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190503/772b54b8/attachment.html>

More information about the users mailing list