Description:
I have found that enabling multiple authentication steps across service providers (service providers that use the default authentication sequence) can be done by making changes in <IS_Home>/repository/conf/identity/service-providers/default.xml.
[1] This is not mentioned in the documentation anywhere
[2] I could not find any mapping from deployment.toml to the authentication steps in default.xml.
Affected Product Version:
IS 5.10 onwards
Steps to reproduce:
Changing the MFA steps at a global level (across all service providers) can be done by making configuration changes in <IS_HOME>/repository/conf/identity/service-providers/default.xml and by enabling the default authentication flow for the service provider.
Initially default.xml will have the configuration shown below, but if I need to add more authentication steps to the default flow I can do that by adding an <AuthenticationStep> element with <StepOrder>2</StepOrder>:
<LocalAndOutBoundAuthenticationConfig>
  <AuthenticationSteps>
    <AuthenticationStep>
      <StepOrder>1</StepOrder>
      <LocalAuthenticatorConfigs>
        <LocalAuthenticatorConfig>
          <Name>BasicAuthenticator</Name>
          <DisplayName>basicauth</DisplayName>
          <IsEnabled>true</IsEnabled>
        </LocalAuthenticatorConfig>
      </LocalAuthenticatorConfigs>
      <!-- FederatedIdentityProviders>
        <IdentityProvider>
          <IdentityProviderName>facebook</IdentityProviderName>
          <IsEnabled>true</IsEnabled>
          <DefaultAuthenticatorConfig>
            <FederatedAuthenticatorConfig>
              <Name>FacebookAuthenticator</Name>
              <IsEnabled>true</IsEnabled>
            </FederatedAuthenticatorConfig>
          </DefaultAuthenticatorConfig>
        </IdentityProvider>
      </FederatedIdentityProviders -->
      <SubjectStep>true</SubjectStep>
      <AttributeStep>true</AttributeStep>
    </AuthenticationStep>
  </AuthenticationSteps>
</LocalAndOutBoundAuthenticationConfig>
For example, if I want to have basic authentication as the first step and Google account verification as the second step, the configuration is as follows:
<LocalAndOutBoundAuthenticationConfig>
  <AuthenticationSteps>
    <AuthenticationStep>
      <StepOrder>1</StepOrder>
      <LocalAuthenticatorConfigs>
        <LocalAuthenticatorConfig>
          <Name>BasicAuthenticator</Name>
          <DisplayName>basicauth</DisplayName>
          <IsEnabled>true</IsEnabled>
        </LocalAuthenticatorConfig>
      </LocalAuthenticatorConfigs>
      <!-- Step 1 supplies the authenticated subject and the user's claims. -->
      <SubjectStep>true</SubjectStep>
      <AttributeStep>true</AttributeStep>
    </AuthenticationStep>
    <AuthenticationStep>
      <StepOrder>2</StepOrder>
      <FederatedIdentityProviders>
        <IdentityProvider>
          <!-- Name of the identity provider as registered in the management console. -->
          <IdentityProviderName>google</IdentityProviderName>
          <IsEnabled>true</IsEnabled>
          <DefaultAuthenticatorConfig>
            <FederatedAuthenticatorConfig>
              <!-- Registered authenticator name of the Google connector, not the IdP's display name. -->
              <Name>GoogleOIDCAuthenticator</Name>
              <IsEnabled>true</IsEnabled>
            </FederatedAuthenticatorConfig>
          </DefaultAuthenticatorConfig>
        </IdentityProvider>
      </FederatedIdentityProviders>
      <!-- Step 2 is a second factor only; subject and attributes come from step 1. -->
      <SubjectStep>false</SubjectStep>
      <AttributeStep>false</AttributeStep>
    </AuthenticationStep>
  </AuthenticationSteps>
</LocalAndOutBoundAuthenticationConfig>
The default sequence can be enabled for a service provider by going to the service provider's edit view in the management console, navigating to “Inbound and Outbound Authentication Configuration” and checking the option “Default”.
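Because there is no deployment.toml mapping, the default flow is edited by hand, and a mistake in default.xml (a malformed tag, a duplicated StepOrder, a step with no enabled authenticator) affects every service provider that uses the default sequence. The following is an added example, not code from the issue or from WSO2: a small Python script that appends a federated second step to the `<LocalAndOutBoundAuthenticationConfig>` block shown above and lints the result before it is deployed. The lint rules (contiguous StepOrder values starting at 1, at least one enabled authenticator per step, exactly one subject step and one attribute step, more than one step) are this example's assumptions about a sane flow, not validation that Identity Server itself documents; `GoogleOIDCAuthenticator` is assumed to be the Google connector's registered authenticator name.

```python
"""Added example: lint and extend the default authentication flow in
<IS_HOME>/repository/conf/identity/service-providers/default.xml.
The rules below are this example's own assumptions, not WSO2 validation."""
import xml.etree.ElementTree as ET

TRUE = "true"


def _text(elem, tag, default=""):
    child = elem.find(tag)
    return (child.text or "").strip() if child is not None else default


def _enabled_authenticators(step):
    """Names of the enabled local and federated authenticators in one step."""
    names = [_text(c, "Name")
             for c in step.findall("LocalAuthenticatorConfigs/LocalAuthenticatorConfig")
             if _text(c, "IsEnabled") == TRUE]
    for idp in step.findall("FederatedIdentityProviders/IdentityProvider"):
        fed = idp.find("DefaultAuthenticatorConfig/FederatedAuthenticatorConfig")
        if _text(idp, "IsEnabled") == TRUE and fed is not None and _text(fed, "IsEnabled") == TRUE:
            names.append(_text(idp, "IdentityProviderName") + "/" + _text(fed, "Name"))
    return names


def lint_default_flow(xml_text):
    """Return a list of findings; an empty list means the flow looks sane."""
    try:
        root = ET.fromstring(xml_text)  # catches e.g. a stray space in '< FederatedIdentityProviders>'
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    steps = root.findall(".//AuthenticationSteps/AuthenticationStep")
    if not steps:
        return ["no AuthenticationStep elements: default flow would be empty"]
    findings, orders = [], []
    for step in steps:
        order = _text(step, "StepOrder")
        if order.isdigit():
            orders.append(int(order))
        else:
            findings.append(f"StepOrder {order!r} is missing or not an integer")
        if not _enabled_authenticators(step):
            findings.append(f"step {order} has no enabled authenticator")
    if sorted(orders) != list(range(1, len(steps) + 1)):
        findings.append(f"StepOrder values {orders} are not 1..{len(steps)} without gaps or duplicates")
    subject = sum(_text(s, "SubjectStep") == TRUE for s in steps)
    attribute = sum(_text(s, "AttributeStep") == TRUE for s in steps)
    if subject != 1:
        findings.append(f"{subject} steps marked SubjectStep=true; expected exactly one")
    if attribute != 1:
        findings.append(f"{attribute} steps marked AttributeStep=true; expected exactly one")
    if len(steps) < 2:
        findings.append("only one step: the default flow is single-factor")
    return findings


def add_federated_step(xml_text, idp_name, authenticator_name):
    """Append a federated step (second factor only) and return the new XML."""
    root = ET.fromstring(xml_text)
    parent = root.find(".//AuthenticationSteps")
    existing = parent.findall("AuthenticationStep")
    next_order = max((int(_text(s, "StepOrder")) for s in existing), default=0) + 1
    step = ET.SubElement(parent, "AuthenticationStep")
    ET.SubElement(step, "StepOrder").text = str(next_order)
    idp = ET.SubElement(ET.SubElement(step, "FederatedIdentityProviders"), "IdentityProvider")
    ET.SubElement(idp, "IdentityProviderName").text = idp_name
    ET.SubElement(idp, "IsEnabled").text = TRUE
    fed = ET.SubElement(ET.SubElement(idp, "DefaultAuthenticatorConfig"), "FederatedAuthenticatorConfig")
    ET.SubElement(fed, "Name").text = authenticator_name
    ET.SubElement(fed, "IsEnabled").text = TRUE
    # Subject and attributes are already taken from the first step.
    ET.SubElement(step, "SubjectStep").text = "false"
    ET.SubElement(step, "AttributeStep").text = "false"
    return ET.tostring(root, encoding="unicode")


# Constructed sample: the single-step flow default.xml ships with.
SINGLE_STEP = """<LocalAndOutBoundAuthenticationConfig><AuthenticationSteps>
<AuthenticationStep><StepOrder>1</StepOrder><LocalAuthenticatorConfigs><LocalAuthenticatorConfig>
<Name>BasicAuthenticator</Name><DisplayName>basicauth</DisplayName><IsEnabled>true</IsEnabled>
</LocalAuthenticatorConfig></LocalAuthenticatorConfigs><SubjectStep>true</SubjectStep>
<AttributeStep>true</AttributeStep></AuthenticationStep></AuthenticationSteps>
</LocalAndOutBoundAuthenticationConfig>"""

# Assumed authenticator name for the Google connector.
TWO_STEP = add_federated_step(SINGLE_STEP, "google", "GoogleOIDCAuthenticator")
# Constructed: the same flow with the stray space from the second listing above.
BROKEN = TWO_STEP.replace("<FederatedIdentityProviders>", "< FederatedIdentityProviders>", 1)

if __name__ == "__main__":
    for label, doc in (("single", SINGLE_STEP), ("two-step", TWO_STEP), ("broken", BROKEN)):
        print(label, lint_default_flow(doc) or "OK")
```

Run the linter against the edited file before restarting the server; a well-formed but single-step result means every default-flow service provider is still single-factor, and a parse error means the server will not get the intended flow at all.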
Related Issues:
wso2/product-is#9452