Enforce MFA for federated IDPs

Zunan Dong zunan.dong at utoronto.ca
Fri May 3 15:51:05 EDT 2019

My question is, is it possible that an IdP authenticates a user by 
username and password but returns an assertion with 
authnContext="https://refeds.org/profile/mfa"? How do we prohibit that?


On 2019-05-03 03:45 PM, Cantor, Scott wrote:
> On 5/3/19, 3:07 PM, "users on behalf of Zunan Dong" <users-bounces at shibboleth.net on behalf of zunan.dong at utoronto.ca> wrote:
>> Thanks, Scott. A further question, if IdP returns a SAML assertion with
>> MFA authn context in it, how do I verify it actually uses MFA and meets
>> the requirement in the MFA document?
> I don't understand the question.
> -- Scott

Zunan Dong
Authentication Systems Specialist
Information Security
Information Technology Services
University of Toronto
Email: zunan.dong at utoronto.ca

More information about the users mailing list