Please read all documentation before proceeding. https://refeds.org/profile/mfa
If your SP accepts authentication assertions from other IdPs, you should be aware that REFEDS MFA may not be supported by all IdPs.
What is REFEDS MFA?
REFEDS MFA is an Authentication Context that can allow SP to assure users did use MFA to authenticate to their application.
Why use REFEDS MFA?
Some applications may have stricter security standard and must require that all users must authenticate using MFA.
Updating your SP to use REFEDS MFA.
Here are two example on configuring REFEDS MFA in your shibboleth2.xml.
Restart shibd and Test your application
Restart shibd process and verify shibboleth is running in your shibd.log (/var/log/shibboleth or /opt/etc/shibboleth/var/log). Please test your application to ensure REFEDS MFA context is in the assertion.