Idea ID: 2874319

Risk Service at AAF is too Limited

Status : New Idea

Extend the Risk Service Capabilities that are inside AAF.


  • A RISK Calculation is only available for WEB based Authentications. This is dependent to parameters that can be validated du an authenticaiton proecss. 
    The communication between the Browser and the IDP component o AAF allows the validation of parameters beyond IP and Date/Time as the browser for example sends cookies, certificates, or execute scripts that allow device detection and more. A comparable functionality to some point could be archived with the OS Plug-Ins, but not for a communication with a 3rd Party (e.g. ADFS) or RADIUS based logins. 

    It all depnds to the ability to receive the right information which mostly limit risk based authentication to WEB traffic. But I agree on the fact that we should enhance the functionality to the OS PlugIns