Storing data (ip address) to database after successful login.

Greg Haverkamp gahaverkamp at
Wed Sep 29 21:13:05 UTC 2021

If it's sufficient to save the browser, rather than the IP address, our
approach in our OTP module is to store a cookie, using the IdP's own cookie
management tools.  It's nice not having to worry about backend storage.
(The downside is, it's Shibboleth-only, and some users get confused
about the connection between this and their desktop MFA logins.)


On Wed, Sep 29, 2021 at 7:56 AM Arnaud Houdelette <
arnaud.houdelette at> wrote:

> Hi there.
> I'm currently in the process of enabling MFA for our institution (on IDP
> 4.1).
> To limit the hassle on my 'angry' users, I'd like to ask for second factor
> only when the connecting IP address is not on a dynamic (expiring)
> allowlist.
> I already found how to use a static whitelist with
> conf/authn/mfa-authn-config.xml checkSecondFactor script.
> I intend to load the address list from a database (sqlite) with the
> attribute resolver...
> but where in the auth process should I write the successful login IP in the
> database?
> --
> Arnaud Houdelette
> Systems and network infrastructure administrator
> Normandie Université