Authn.properties supported principals and MFA
kwessel at illinois.edu
Thu Aug 19 19:46:18 UTC 2021
I'm trying to make the switch from general-authn.xml to authn.properties, and everything's working except for the right auth context being returned to the SP. I have an SP that isn't requesting any explicit authn contexts and a user who's required by policy to perform 2FA. I'm expecting the Refeds MFA profile context to be returned to my SP, but it's reporting password. I have the Refeds MFA profile set in the supported principals for the Duo flow. It's also set for the MFA flow alongside the password principal.
I've also tried adding the MFA profile to the list of weighted responses in authn-comparison.xml. I assume that shouldn't be necessary because the IdP should be selecting a context from the last flow that ran inside the MFA flow, which is Duo, instead of selecting randomly from all principals supported by the MFA flow. Is that true? Nevertheless, I tried this:
It didn't change anything.
My relevant authn.properties settings look like:
idp.authn.Duo.supportedPrincipals = \
idp.authn.MFA.supportedPrincipals = \
Where am I going wrong on this?