Introduction

Following on from CSRF Mitigation Options - Development Center - Shibboleth Wiki, here we explore how the CsrfFlowExecutionListener[1] CSRF synchroniser token pattern mitigation can be applied to the multi-factor authentication mechanism within the IdP to help prevent Login CSRF across composite authentication strategies.