Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Good morning I'm hoping someone will have some insights as to what our issue is we are having,

We have most of the ory suite setup kratos/oathkeeper/hydra, were having a problem on 1.0 kratos with MFA and recovery paths, where the return URL doesn't include the aal=aal2 (it's blank aal=), which then causes infinite redirect errors. If I take the url it gives me for the redirect and add aal=aal2 I get back to the mfa screen to continue the recovery so it looks like just a config bug on our side but for the life of me can't figure it out. s

Let me know what parts of config(s) you need to see I can grab them for you.

It's running in Kubernetes we have nginx ingress for the ingress to oathkeeper rule =&gt; kratos/auth ui (self service node ui)