c14n attribute sourced subject, multiple principals

[Cantor, Scott]

> I will say, the idea of gating the MFA process at the IDP in any way would
> generally be frowned upon, with respect to your referencing the IDP 'lying'.

That isn't what I mean by lying. Lying is *not* performing a second factor while claiming that you did (i.e what Duo does). Deciding whether to do it, and then just accurately reflecting the result is exactly what the IdP should do, and what any examples I've posted generally do.

-- Scott