Enforce MFA for federated IDPs
zunan.dong at utoronto.ca
Fri May 3 15:51:05 EDT 2019
My question is, is it possible that an IdP authenticates a user by
username and password but returns an assertion with
authnContext="https://refeds.org/profile/mfa"? How do we prohibit that?
On 2019-05-03 03:45 PM, Cantor, Scott wrote:
> On 5/3/19, 3:07 PM, "users on behalf of Zunan Dong" <users-bounces at shibboleth.net on behalf of zunan.dong at utoronto.ca> wrote:
>> Thanks, Scott. A further question: if the IdP returns a SAML assertion with
>> MFA authn context in it, how do I verify it actually uses MFA and meets
>> the requirement in the MFA document?
> I don't understand the question.
> -- Scott
Authentication Systems Specialist
Information Technology Services
University of Toronto
Email: zunan.dong at utoronto.ca
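
What an SP can check on its side of the exchange asked about above, as an added example that is not part of the original thread and is not Shibboleth code: the asserted `AuthnContextClassRef` is matched exactly against the REFEDS MFA URI, and the claim is accepted only from issuers the SP operator has chosen to trust for it. The issuer entityID, the allowlist and the function names are assumptions, and the assertion is assumed to have already passed signature and condition checks in the SAML stack; the class reference remains the IdP's own statement about how it authenticated the user.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REFEDS_MFA = "https://refeds.org/profile/mfa"
PASSWORD_PT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Hypothetical allowlist: IdPs the SP operator trusts to honour the MFA profile.
MFA_TRUSTED_ISSUERS = {"https://idp.example.org/idp/shibboleth"}


def authn_summary(assertion_xml):
    """Return (issuer, [class ref per AuthnStatement]) for one assertion.

    Assumes signature, conditions and audience were validated upstream.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    refs = [
        stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef",
                      default="", namespaces=NS).strip()
        for stmt in root.findall("saml:AuthnStatement", NS)
    ]
    return issuer, refs


def mfa_claim_accepted(assertion_xml, trusted=MFA_TRUSTED_ISSUERS):
    """True only if every AuthnStatement asserts REFEDS MFA and the issuer is trusted."""
    issuer, refs = authn_summary(assertion_xml)
    # Exact string match; a missing statement or missing class ref fails closed.
    claims_mfa = bool(refs) and all(r == REFEDS_MFA for r in refs)
    return claims_mfa and issuer in trusted


def sample_assertion(issuer, class_ref):
    """Constructed, unsigned sample assertion used only for this demo."""
    ref = (f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
           if class_ref else "")
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_a1" Version="2.0">'
            f"<saml:Issuer>{issuer}</saml:Issuer>"
            f"<saml:AuthnStatement><saml:AuthnContext>{ref}"
            "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>")


if __name__ == "__main__":
    trusted_idp = "https://idp.example.org/idp/shibboleth"
    for issuer, ref in [(trusted_idp, REFEDS_MFA), (trusted_idp, PASSWORD_PT),
                        ("https://other-idp.example.net/idp", REFEDS_MFA)]:
        print(issuer, ref, mfa_claim_accepted(sample_assertion(issuer, ref)))
```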