OpenSearch/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/duo-authn-config.xml

30 lines
1.8 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-init-method="initialize" default-destroy-method="destroy">
<!--
By default, the Duo flow will use statically-defined integrations defined with the
duo.properties file. If you need more flexibility, you can define a function bean
called "shibboleth.authn.Duo.DuoIntegrationStrategy" to return an instance of
net.shibboleth.idp.authn.duo.DuoIntegration based on the state of the request.
A second bean, "shibboleth.authn.Duo.NonBrowser.DuoIntegrationStrategy", can be
supplied to use the AuthAPI for non-browser profiles.
The Duo flow is designed to operate in conjunction with some other login flow,
usually orchestrated by the MFA login flow. It obtains the username to send to
Duo based on the output of the other login flow or a previous session with the
user. You can override that approach using a function bean called
"shibboleth.authn.Duo.UsernameLookupStrategy" to supply the username from a
different source.
Various other beans are supported, per the documentation.
-->
</beans>