duo-authn-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

    default-init-method="initialize" default-destroy-method="destroy">

    <!--
    By default, the Duo flow will use statically-defined integrations defined with the
    duo.properties file. If you need more flexibility, you can define a function bean
    called "shibboleth.authn.Duo.DuoIntegrationStrategy" to return an instance of
    net.shibboleth.idp.authn.duo.DuoIntegration based on the state of the request.
    A second bean, "shibboleth.authn.Duo.NonBrowser.DuoIntegrationStrategy", can be
    supplied to use the AuthAPI for non-browser profiles.

    The Duo flow is designed to operate in conjunction with some other login flow,
    usually orchestrated by the MFA login flow. It obtains the username to send to
    Duo based on the output of the other login flow or a previous session with the
    user. You can override that approach using a function bean called
    "shibboleth.authn.Duo.UsernameLookupStrategy" to supply the username from a
    different source.

    Various other beans are supported, per the documentation.
    -->

</beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
	http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

	default-init-method="initialize" default-destroy-method="destroy">

	<!--
	By default, the Duo flow will use statically-defined integrations defined with the
	duo.properties file. If you need more flexibility, you can define a function bean
	called "shibboleth.authn.Duo.DuoIntegrationStrategy" to return an instance of
	net.shibboleth.idp.authn.duo.DuoIntegration based on the state of the request.
	A second bean, "shibboleth.authn.Duo.NonBrowser.DuoIntegrationStrategy", can be
	supplied to use the AuthAPI for non-browser profiles.

	The Duo flow is designed to operate in conjunction with some other login flow,
	usually orchestrated by the MFA login flow. It obtains the username to send to
	Duo based on the output of the other login flow or a previous session with the
	user. You can override that approach using a function bean called
	"shibboleth.authn.Duo.UsernameLookupStrategy" to supply the username from a
	different source.

	Various other beans are supported, per the documentation.
	-->

	</beans>