Two-factor authentication requires a user to log in with a username, password and a second factor, such as a Duo two-factor option. You can configure your website to require two-factor authentication to provide greater security for your service.
AuthType shibboleth ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa ShibRequestSetting requireSession 1 <RequireAll> Require authnContextClassRef "https://refeds.org/profile/mfa" Require shib-session </RequireAll> |
AuthType shibboleth ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa ShibRequestSetting requireSession 1 ShibRequireAll on ShibCompatWith24 on Require shib-session Require authnContextClassRef "https://refeds.org/profile/mfa" |
If this site only require Two-Factor for certain location, this configuration will not work reliably. If the user doesn't have valid session and requests content in the Two Factor requireddirectory first, two-factor will be enforced. If the user requests content from your site that NOT requires Two Factor and then requests content in the |