Enforce MFA for federated IDPs
Zunan Dong
zunan.dong at utoronto.ca
Fri May 3 15:51:05 EDT 2019
My question is, is it possible that an IdP authenticates a user by
username and password but returns an assertion with
authnContext="https://refeds.org/profile/mfa"? How do we prohibit that?
Zunan
On 2019-05-03 03:45 PM, Cantor, Scott wrote:
> On 5/3/19, 3:07 PM, "users on behalf of Zunan Dong" <users-bounces at shibboleth.net on behalf of zunan.dong at utoronto.ca> wrote:
>
>> Thanks, Scott. A further question, if IdP returns a SAML assertion with
>> MFA authn context in it, how do I verify it actually uses MFA and meets
>> the requirement in the MFA document?
> I don't understand the question.
>
> -- Scott
>
>
--
Zunan Dong
Authentication Systems Specialist
Information Security
Information Technology Services
University of Toronto
Email: zunan.dong at utoronto.ca
More information about the users
mailing list