Menu
▾
▴
Re: [Unity-idm-discuss] enforcing 2FA
|
From: Krzysztof B. <kb...@un...> - 2023-05-31 16:33:34
|
Hi, W dniu 31.05.2023 o 11:30, Sander Apweiler pisze: > Hi Krzysztof, > we are just using two realms. The adminRealm for console endpoint and > the defaultRealm for all other endpoints. But we could create a third > one dedicated to the home endpoint for the oauth clients. Hm. So what are the two flows in which you expect to have different authN? Let's say you create one realm for the Home endpoint. This realm will require MFA. Then all users accessing this endpoint will need to authenticate with MFA. That is easy. But I still don't understand your setup. I don't know what do you mean by "normal authentication of the client in AuthZ code flow". Please be more verbose. What are the authn options? Wat are the endpoints in question (just /home or /home and OAuth IdP?)? Krzysztof > Best regards, > Sander > > On Wed, 2023-05-31 at 11:09 +0200, Krzysztof Benedyczak wrote: >> Hi Sander, >> >> W dniu 30.05.2023 o 13:06, Sander Apweiler pisze: >>> Hi Krzysztof, hi Roman >>> we are planning to enforce 2FA on /home endpoint. Can you confirm >>> that >>> Oauth admins would need to enter second factor if they log in at >>> this >>> endpoint with the client credentials but the normal authentication >>> of >>> the client in Authorization code flow is not effected. >> It depends on details of your setup. Can you provide your envisioned >> realms setup and what is the assignment of home and oauth endpoints >> to >> realms? >> >> Best, >> Krzysztof >> >> >> >> >> _______________________________________________ >> Unity-idm-discuss mailing list >> Uni...@li... >> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss |
