Enforce MFA for federated IDPs

Cantor, Scott cantor.2 at osu.edu
Fri May 3 15:01:43 EDT 2019

On 5/3/19, 2:56 PM, "users on behalf of Zunan Dong" <users-bounces at shibboleth.net on behalf of zunan.dong at utoronto.ca> wrote:

> https://refeds.org/profile/mfa is an AuthnContextClassRef inserted into SAML Req/Resp. Is there any entity category
> that ensures a particular IDP supports this Authn Context?

That doesn't have any value. If you don't *need* it, don't ask for it. If you do need it, then you ask, and when you get an error back, you know they didn't support it (which by definition implies you can't let them login anyway).

-- Scott C

More information about the users mailing list