Adaptative Authentication Plugin
We already have some conditions to require 2FA at authentication. With these conditions, a user can raise their authentication level and access sensitive applications.
But the use case for adaptative authentication is the following: to access a sensitive application, I need 2FA if I'm outside a trusted network, but just 1FA from a trusted network. This can't be done easily for the moment.
The goal of this plugin is to adjust authenticationLevel after the authentication process, according to some rules. For example, we can create a rule that increments authenticationLevel if the user comes from a trusted network. In this case, this user could have the same authentication level as a user with 2FA from an untrusted network.
My design proposal is a simple key/value configuration:
- Key: a rule that will be evaluated with the user environment and session
- Value: {operator}{digit}
operator can be +, -, = or empty (empty means =). digit is the value to add to, remove from, or set as the previous authentication level.
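A sketch of how the key/value rules proposed above could be evaluated, as an added example that is not the plugin's own code. It assumes rules are Python callables taking the environment and session, that rules are applied in configuration order, that the level never drops below 0, and that "digit" may span several digits; the level numbers, the REMOTE_ADDR key and the 10.0.0.0/8 network are constructed for illustration.

```python
import ipaddress
import re

# {operator}{digit}: operator is +, -, = or empty (empty means =).
VALUE_RE = re.compile(r"([+\-=]?)(\d+)")

def parse_value(value):
    """Return (operator, number); reject anything outside the grammar."""
    m = VALUE_RE.fullmatch(value.strip())
    if m is None:
        raise ValueError(f"invalid level adjustment: {value!r}")
    return (m.group(1) or "="), int(m.group(2))

def adapt_level(level, rules, env, session):
    """Apply each matching rule, in order, to the post-authentication level."""
    for rule, value in rules:
        # Parse first so a malformed value is reported even when the rule
        # does not match for this particular request.
        op, n = parse_value(value)
        if not rule(env, session):
            continue
        if op == "+":
            level += n
        elif op == "-":
            level = max(0, level - n)  # assumption: never below 0
        else:
            level = n
    return level

# Hypothetical trusted network and rule, constructed for this example.
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")

def from_trusted_network(env, session):
    # REMOTE_ADDR must be the address seen by the portal itself, not a
    # client-supplied header, or the trust decision can be spoofed.
    return ipaddress.ip_address(env["REMOTE_ADDR"]) in TRUSTED_NET

RULES = [(from_trusted_network, "+1")]

if __name__ == "__main__":
    # Assumed levels: 2 after password only (1FA), 3 after 2FA.
    print(adapt_level(2, RULES, {"REMOTE_ADDR": "10.1.2.3"}, {}))     # 1FA, trusted
    print(adapt_level(3, RULES, {"REMOTE_ADDR": "203.0.113.7"}, {}))  # 2FA, untrusted
```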