Table of Contents
First access of MFA server
Introduction
The MFA client handles the connection to the configured MFA server instance. After logon it forces a successful challenge before a user can continue to the application. To solve a challenge the browser url changes to the MFA instance and jumps back to the application afterwards.
To reduce the traffic to the MFA server a session variable will be set after successful challenge. On MFA server is a ttl value how long a solved challenge is marked as OK. When opening a new browser window the MFA server can respond that a valid challenge still exists (and the client sets the session variable again).
First MFA request
We make a 1st request and are logged in. The MFA client gets the answer from MFA server that the user does not exist and needs a setup.
The MFA client will redirect the user to the MFA server.
There the user must setup one of the available methods.
To get an impression of the 1st visit of a user at the MFA server see the docs of the MFA server:
📗 https://os-docs.iml.unibe.ch/mfa-server/Installation/First_user_visit.html
If an error occurs that does not allow to access the MFA server you get an html page with the error message (fromn reponse of then api request).