Does this authentication process work for the fulfiller portal?

In Orlando, the MFA is built into the login widget and works, but there is a major issue with it.   

First, It must be turned on in the properties of MFA.

Multifactor Authentication Properties > Enable Multi-factor authentication:
Yes|No

Second, on the user record there is a field called "Enable Multifactor Authentication" that needs to be true.

HOWEVER!

There is a huge bug, breaking the user experience of MFA, with URL redirects, rendering it useless in the portal. The MFA code that SN wrote only works for the use case of logging in, only if you came to the login page directly and not been redirected to the login page via a portal "deep link", like in an email.

The error is in the redirection code that redirects to "multi_factor_auth_setup_page.do" after login if you came into the portal via a secure url. And as it tries to redirect you to "multi_factor_auth_setup_page.do", it doesn't account for the portal segment of the URL, and the redirect fails and 404's due to the incorrect URL segment of it including the portal segment.  Now if the user drops out of the MFA process half way, and comes back again via another secure url, it continues to redirect to a missing page (404) because of the malformed URL.

Example.

Inward secure url
...servicenow.com/sp/?id=some_secure_page

> Login
...servicenow.com/sp/?id=login

Redirects to 404 as no page exists on that URL due to the included portal segment.
...servicenow.com/sp/multi_factor_auth_setup_page.do


The fix is that the redirect needs to consider that the portal is part of the URL segments, and needs to be removed in-order to point to the correct UI Page of "multi_factor_auth_setup_page.do"

Corrected URL for redirect.
...servicenow.com/multi_factor_auth_setup_page.do

The bug is that the redirect script is missing the forward slash for the relative link. eg...
$window.location = "/multi_factor_auth_setup_page.do";

But can I find the code anywhere where I can change it, nope. And thus rendering the MFA through the portal broken because if it doesn't redirect correctly, and to 404 pages that the end user cannot break free from due to the incomplete MFA process, it's essentially breaks the portal.

I have tried multiple work arounds but to no avail as the login widget response doesn't go far enough in it's login process and response to create a condition to test aganist. And this issue exists outside of the login process too, if failure to complete the MFA process happened, and so the only way to resolve it was at the redirection point. But it seems that code sits somewhere on the inside of SN.

Now this might only be related to this customers instance, but if anyone knows another work around, it'll be great to hear how you did it.