Presently, authentication methods are defined statically in the MFA configuration per RP, request or per user attribute. A single authentication method is always resolved. However, it may be desirable to allow more than authentication method for a given request. Consider a sample scenario where CAS is configured with DUO, but the user has no access to their mobile device and has no security codes available, but they have their Yubikey hardware token with them. Supporting both flows at the same time will allow the user to go thru authn.
Presently, authentication methods are defined statically in the MFA configuration per RP, request or per user attribute. A single authentication method is always resolved. However, it may be desirable to allow more than authentication method for a given request. Consider a sample scenario where CAS is configured with DUO, but the user has no access to their mobile device and has no security codes available, but they have their Yubikey hardware token with them. Supporting both flows at the same time will allow the user to go thru authn.