Menu
▾
▴
[Unity-idm-discuss] signalling mfa usage
|
From: Sander A. <sa....@fz...> - 2023-01-03 06:40:18
|
Dear Krzysztof, first of all happy new year and all the best for 2023. After enabling two factor authentication on our services, we want to signal the usage of it to the services. In SAML we want to use the https://refeds.org/profile/mfa in AuthnContextClassRef. In OIDC we want to use the acr claim. Is this possible within unity? I didn't find anything in the manual about setting AuthnContextClassRef or acr. The second thing we are thinking about is proxying the information from the Upstream IdPs if there was 2FA used. I read that we can read the AuthnContextClassRef in SAML input translation profile. Is there also an action which removes the old value, if this is not covered in the next login anymore? Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
