Hi Martin,
I have asked this before, see
here: https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/SXHIyRWqsT0
We have implemented that into our CAS code, however it is very customized
to our specific application, so unfortunately I cannot shared my current
setup in detail with you.
A 4th approach came to my mind:
- 4. Implementing a MFA with the first factor being the regular
pac4j/OAuth delegated auth and the second factor the automated database
check if the user is "known". That seems a bit over-engineered to me. What
do you think?
--
- Website:
