From c3fca4d9ba7394ab2ac679d325fa39b385b2a339 Mon Sep 17 00:00:00 2001
From: David De Leon <56207066+davidadeleon@users.noreply.github.com>
Date: Fri, 27 Oct 2023 21:09:52 -0400
Subject: [PATCH 1/2] skip unnecessary deriving of policies from entity on
 Login MFA check

---
 vault/request_handling.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vault/request_handling.go b/vault/request_handling.go
index 6df24db7cd50..84a606e5847c 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -1676,7 +1676,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
 		source := c.router.MatchingMount(ctx, req.Path)
 
 		// Login MFA
-		entity, _, err := c.fetchEntityAndDerivedPolicies(ctx, ns, auth.EntityID, false)
+		entity, _, err := c.fetchEntityAndDerivedPolicies(ctx, ns, auth.EntityID, true)
 		if err != nil {
 			return nil, nil, ErrInternalError
 		}

From 1cb94d00435338dbbe7f96c01823ddca18ce4d40 Mon Sep 17 00:00:00 2001
From: David De Leon <56207066+davidadeleon@users.noreply.github.com>
Date: Tue, 31 Oct 2023 09:11:55 -0400
Subject: [PATCH 2/2] add changelog

---
 changelog/23894.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/23894.txt

diff --git a/changelog/23894.txt b/changelog/23894.txt
new file mode 100644
index 000000000000..a94e1428eadd
--- /dev/null
+++ b/changelog/23894.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Skip unnecessary deriving of policies during Login MFA Check.
+```
\ No newline at end of file