Is multi factor authentication practical/feasible?

[John Gateley]

On 7/3/22 8:31 AM, John Gateley wrote:
> The protocols were designed long before SAML and OIDC. SAML/OIDC give 
> you more control over authn/z
> and allow easily adding in MFA or other different types of auth. To do 
> this right, you'd need to extend
> the protocol to allow OIDC or SAML.

I did find this RFC - I haven't read it, but it applies directly:
https://datatracker.ietf.org/doc/html/rfc7628

j