Currently right now I have OpenAM, OpenDJ, and OpenIG configured and working together. When I go to http://forgerockhost:8080/openam and hit the login page, I want to be able to login as the amadmin without being prompted for MFA. In addition, whenever I go to a protected resource, such as a SAML partner or an IG resource, I want the user to get hit with MFA. Currently as of right now, the only way I have found it to work is that every page gets MFA or no page gets MFA. I have tried changing the Administrator Authentication Configuration, Organization Authentication Configuration, and Linking Authentication Chain, but none of these have seemed to work how I expect. I could be doing something wrong, so please let me know if I am.
If more information is needed, please let me know so I can be more specific.