Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fix typo

...

So it seems best to use the UsernamePassword login handler as well, for any uses that don't require a token. This limits the use of the MultiFactor login handler to those cases where provding an OTP token is in fact strictly required and requested by a Relying Party. Note that peter had to add a defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" on the <rp:DefaultRelyingParty> element in $IDP_HOME/conf/relying-party.xml as the MultiFactor login handler took precedence. If you have custom <rp:DefaultRelyingParty>RelyingParty> elements defined that may also be necessary for those.

...