General WebAuth Tests
- basic WebAuth test
- test extra redirect
- test environment variable prefix
- test cancel login
- test return url
- test query params on initial redirect
- test 5 second app-token lifetime
- test 5 second app-token lifetime and force login
- test last-used update
- test inactive-expire
- test for no query params on initial redirect
- test POST with expired cookie
- test PHP (only works if PHP installed)
Multifactor Tests
- any multifactor required
- OTP multifactor required
- OTP multifactor plus password required
- random multifactor required
- o3 multifactor method required
- LoA required at a level any user should meet
- LoA required at a level any OTP user should meet
- LoA required at a level any strong OTP user should meet
- LoA required at a level no user should meet (access denied)
- LoA required at a level any OTP users should meet plus o3 multifactor required plus force login for multifactor
- force session with password
- force session with multifactor
- force session with negotiate-auth
- force session with random multifactor