Suppress MFA for a period of time
Published Jul 16, 2019
Version 1.0Was this article helpful?
Hi Stanislas,
Thanks! I seems the wiki page on HTTP::cookie should get updated. The ACCESS_SESSION_STARTED event is not listed as a valid event. I've updated the code snippet. I tried the b64encode and md5 in the branch expression, but these commands are not allowed. One must ask if it is really a huge benefit to put a hashed combination of the username and User-Agent in the cookie. It seems that just putting the username in the encrypted cookie should be sufficient. Then just the VPE expression could be used.
Kind regards,
--Niels