MFA & multiple RemoteUser paths

Marco Naimoli marco.naimoli at
Tue Sep 28 14:01:09 UTC 2021

Hello, I'm using MFA on IDP4, that can use RemoteUser authentication; using
configuration file I choose among various path (example Authn/path1,
Authn/path2) the right path using the AuthnContextClassRef sent from the SP.
Now I need to choose using something that a user can select from
authenticaton screen (for example: based on the user selection the
remoteuser-authn-config.xml could select Authn/path3);
a possible solution could be to use, on remoteuser-authn-config.xml, the
eventId of the user selection, but I don't know if it's possible and how;
otherwise I could set an AuthnContextClassRef
from the MFA script: I tried using the script:
authCtx =
var AuthnContextClassRefPrincipal =
            tkp = new AuthnContextClassRefPrincipal("myContextClassRef");
but I don't know what to put on the "operator" field; but, more generally,
I don't know if any of the
two methods are the right approach to this problem
Another way could be to "clone" the RemoteUser flow to a new one (creating
a new module ?),
but it seems a complex solution for a (apparently) simple problem
Could anyone help me ?
Thank you
Marco Naimoli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list