Configuring Duo authentication for use upon request

...

Note: Authentication Context

SAML V2.0 introduced the notion of an Authentication Context Class, denoted by a URI. A particular Authentication Context Class may address a wide range of assurance issues, including user registration, identity proofing and credentialing, in addition to the method of authentication itself.
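As an added illustration (not part of the original page), here is the SAML exchange the note is about, with constructed sample messages: the SP's AuthnRequest asks for a particular class through RequestedAuthnContext, and the IdP's assertion reports in its AuthnStatement which class was actually satisfied. The class URI reuses the page's own example value; the entity IDs, message IDs and timestamps are placeholders.

```xml
<!-- Constructed example. Entity IDs, IDs and timestamps are placeholders. -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_req1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z"
    AssertionConsumerServiceURL="https://sp.example.edu/Shibboleth.sso/SAML2/POST"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://sp.example.edu/shibboleth</saml:Issuer>
  <!-- Comparison="exact": the IdP must satisfy this class, not something it deems equivalent. -->
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:usc.edu:ac:classes:PasswordProtectedTransport:duo</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

<!-- The matching AuthnStatement inside the IdP's assertion. The SP must compare this value
     with what it requested: an assertion carrying only the plain
     urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport would mean the
     second factor was never performed, even though the request asked for it. -->
<saml:AuthnStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    AuthnInstant="2013-01-01T00:00:05Z" SessionIndex="_sess1">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:usc.edu:ac:classes:PasswordProtectedTransport:duo</saml:AuthnContextClassRef>
  </saml:AuthnContext>
</saml:AuthnStatement>
```

The point of the exchange is that the class URI is a claim the IdP makes, not a property the SP can enforce on its own; requesting a class and then trusting whatever comes back defeats the purpose of a distinct Duo class.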

...

Alternatively, choose a URL in your institution's namespace, that is, a URL rooted in a domain owned by your institution. (In this case, the URL is just a name, so it need not resolve to an actual web resource.)

...

To configure this servlet to handle only the specific method intended, add the authnMethod init param like so:

  <servlet>
    <servlet-name>TwoFactorLoginHandler</servlet-name>
    <servlet-class>com.duosecurity.shibboleth.idp.twofactor.TwoFactorLoginServlet</servlet-class>
    <init-param>
      <param-name>authnMethod</param-name>
      <param-value>urn:usc.edu:ac:classes:PasswordProtectedTransport:duo</param-value>
    </init-param>
    <load-on-startup>4</load-on-startup>
  </servlet>

...

The SessionInitiator element is highly configurable and supports many customizations and ways of using it. In the latest SP releases it is not present in the default configuration; the software supplies the default SessionInitiators automatically. The line below can be added directly to the Sessions element, or nested inside another SessionInitiator of type="Chaining" if you have multiple ways to initiate a session. In either case the key attribute is authnContextClassRef, which is set on the SessionInitiator of type SAML2. For example:
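The page's own example is elided in this version of the document. As an added illustration (not the page's or the Duo plugin's own snippet), here is a shibboleth2.xml Sessions fragment with the ordinary login handler left unchanged and a second handler that requests the Duo class. The Location, id and entityID values are assumptions, and the class URI is the page's example value; adjust all of them to your deployment.

```xml
<!-- Added example, not from the original page. Location, id, entityID and the class URI
     (taken from the page's servlet example) are assumptions to adapt to your deployment.
     Other Sessions content (MD, Logout, Status handlers, ...) is omitted for brevity. -->
<Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerSSL="true" cookieProps="https">

  <!-- Default login handler: requests no particular context class, so the IdP applies
       its normal (password-only) login flow. -->
  <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Login"
                    relayState="cookie" entityID="https://idp.example.edu/idp/shibboleth">
    <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
    <SessionInitiator type="Shib1" acsIndex="5"/>
  </SessionInitiator>

  <!-- Second handler at /DuoLogin. The authnContextClassRef on the SAML2 initiator is what
       makes the SP put a RequestedAuthnContext for the Duo class into its AuthnRequest;
       authnContextComparison="exact" asks the IdP not to substitute a "comparable" class. -->
  <SessionInitiator type="Chaining" Location="/DuoLogin" id="DuoLogin"
                    relayState="cookie" entityID="https://idp.example.edu/idp/shibboleth">
    <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"
                      authnContextClassRef="urn:usc.edu:ac:classes:PasswordProtectedTransport:duo"
                      authnContextComparison="exact"/>
  </SessionInitiator>

</Sessions>
```

To send a sensitive path through the second initiator rather than the default one, reference its id from the content settings for that path, for example `ShibRequestSetting requireSessionWith DuoLogin` in an Apache Location block (or the equivalent requireSessionWith attribute in a RequestMap). Two checks are worth doing once this is in place: confirm in the SP's logs or the Session handler that the resulting session records the Duo class, and have the application (or the web server's authorization rules) compare the exported authentication context (Shib-AuthnContext-Class in a default attribute mapping) against the Duo URI before granting access, because a session created through /Login, or an IdP that ignored the request, will still be a valid session, just not a Duo-protected one.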

...