Ex: Reuse MFA flow bean

Paul B. Henson henson at cpp.edu
Sat Sep 18 01:00:24 UTC 2021

On Fri, Sep 17, 2021 at 02:37:02PM +0000, Wessel, Keith wrote:

> Nice! If I understand correctly, the MFA flow will only re-run if the
> user hasn't already satisfied all factors, correct? That way, you're
> not running the MFA flow again if there's nothing more for it to do?

Yeah, I don't have any services that require you *not* to have done MFA
:). If you've already done MFA, you're as secure as the session is going
to get; if you haven't, we need to check if you should.

The MFA flow script pulls some user attributes and looks up relying
party info, I assume this quick check is more efficient in the case
they've already done it.

Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list