Forcing MFA for some SPs and not Others
Wessel, Keith
kwessel at illinois.edu
Fri Aug 13 17:02:11 UTC 2021
That's not true if you hve MFA configured properly. The second MFA should see that the currently satisfied authentication methods isn't sufficient and should prompt the user for step-up authentication. That is, it'll skip asking the user for their username and password again but will go straight to the MFA prompt.
Keith
From: users <users-bounces at shibboleth.net> On Behalf Of Ullfig, Roberto Alfredo
Sent: Friday, August 13, 2021 11:56 AM
To: Shib Users <users at shibboleth.net>
Subject: Forcing MFA for some SPs and not Others
Is there a way for Shibboleth to create different cookies for different SPs? For instance, if I force MFA on an application on the IDP side I can easily get around MFA by logging into another SP that doesn't require MFA first because I've already identified myself.
---
Roberto Ullfig - rullfig at uic.edu<mailto:rullfig at uic.edu>
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210813/cd8519e1/attachment.htm>
More information about the users
mailing list