The great thing about authentication chaining is that you can create very specific profiles to suit very specific authentication requests.
One example could be an Intranet. The Intranet could use Windows authentication in the first instance, then an Adaptive Risk module triggered to fail if requests are from outside a certain IP address range, which would then invoke LDAP authentication as well as two factor authentication.
Also note it is possible to have multiple Adaptive Risk modules in the same Authentication Chain. This would allow for the layered creation of authentication which becomes more burdensome as the risk increases.
However, it is important to note that authentication is a burden for users, and especially ...