Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
titleApache 2.2
AuthType shibboleth
ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa
ShibRequestSetting requireSession 1
ShibRequireAll on
ShibCompatWith24 on
Require shib-session
Require authnContextClassRef "https://refeds.org/profile/mfa"
Info

If this site only require Two-Factor for certain location, this configuration will not work reliably. If the user doesn't have valid session and requests content in the Two Factor requireddirectory first, two-factor will be enforced. If the user requests content from your site that NOT requires Two Factor and then requests content in the Two Factor directory, user may get authorization deny error if user hasn't completed two factor.