Forced two-factor authentication
The Require2ndFactor procedure requires two-factor authentication to access the application. If a user opens the application within an existing session in which only one factor has been passed, the second factor is additionally verified, i.e., SSO will not work in this case.
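import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
// Strategy, Context, StrategyState and StrategyBeginState are Blitz Identity Provider
// types; their import lines are not shown on this page.

public class Require2ndFactor implements Strategy {

    private final Logger logger = LoggerFactory.getLogger("com.identityblitz.idp.flow.dynamic");

    @Override
    public StrategyBeginState begin(final Context ctx) {
        if (ctx.claims("subjectId") != null) {
            // The user is already known in this session: SSO alone is accepted
            // only if the session track lists at least two entries.
            if (ctx.sessionTrack().split(",").length < 2) {
                return StrategyState.MORE(new String[]{});
            } else {
                return StrategyState.ENOUGH();
            }
        } else {
            // No authenticated user yet: start authentication.
            return StrategyState.MORE(new String[]{});
        }
    }

    @Override
    public StrategyState next(final Context ctx) {
        // After the first factor, ask for one more; after that, finish.
        if (ctx.justCompletedFactor() == 1) {
            return StrategyState.MORE(new String[]{});
        } else {
            return StrategyState.ENOUGH();
        }
    }
}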