Ex: Reuse MFA flow bean
Paul B. Henson
henson at cpp.edu
Sat Sep 18 01:00:24 UTC 2021
On Fri, Sep 17, 2021 at 02:37:02PM +0000, Wessel, Keith wrote:
> Nice! If I understand correctly, the MFA flow will only re-run if the
> user hasn't already satisfied all factors, correct? That way, you're
> not running the MFA flow again if there's nothing more for it to do?
Yeah, I don't have any services that require you *not* to have done MFA
:). If you've already done MFA, you're as secure as the session is going
to get; if you haven't, we need to check if you should.
The MFA flow script pulls some user attributes and looks up relying
party info, I assume this quick check is more efficient in the case
they've already done it.
--
Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768
More information about the users
mailing list