...
Code Block | ||
---|---|---|
| ||
AuthType shibboleth ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa ShibRequestSetting requireSession 1 ShibRequireAll on ShibCompatWith24 on Require shib-session Require authnContextClassRef "https://refeds.org/profile/mfa" |
Info | |||||
---|---|---|---|---|---|
If this site only require Two-Factor for certain location, this configuration will not work reliably. If the user doesn't have valid session and requests content in the Two Factor required directory first, two-factor will be enforced. If the user requests content from your site that NOT requires Two Factor and then requests content in the To resolve this issue, we can redirect authorization denied error to a script and use that script to redirect user to IDP for second factor authentication. ErrorDocument 401 /cgi-bin/mfaChk.cgi ( this is just an example, you can replace it with your own script)
|
...