<!--
  Disable the Duo flow's default principals so that each integration bean
  advertises only the principals listed in its own supportedPrincipals property.
-->
<util:constant id="shibboleth.authn.Duo.addDefaultPrincipals"
               static-field="java.lang.Boolean.FALSE" />
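<!--
  Default Duo integration: advertises the "mfa/default" authentication context
  class (SAML 2) and authentication method (SAML 1).

  NOTE(review): the published snippet carried a fused attribute
  (classparent="...duoDuo.BasicDuoIntegrationDuoIntegration"), which looks like
  two alternative declarations merged by the page renderer:
    class="net.shibboleth.idp.authn.duo.BasicDuoIntegration"
    parent="shibboleth.authn.Duo.DuoIntegration"
  The class form is used here; confirm which one matches your IdP version.

  Each %{...:none} placeholder falls back to the literal string "none" when the
  property is undefined, so a missing property is not caught by placeholder
  resolution. Define every idp.duo.* property explicitly. Keep the secretKey and
  applicationKey values in a properties file readable only by the IdP service
  account and out of version control.
-->
<bean id="DefaultDuo" class="net.shibboleth.idp.authn.duo.BasicDuoIntegration"
      p:APIHost="%{idp.duo.apiHost:none}"
      p:applicationKey="%{idp.duo.applicationKey:none}"
      p:integrationKey="%{idp.duo.integrationKey:none}"
      p:secretKey="%{idp.duo.secretKey:none}">
    <property name="supportedPrincipals">
        <list>
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                  c:classRef="http://example.org/ac/classes/mfa/default" />
            <bean parent="shibboleth.SAML1AuthenticationMethod"
                  c:method="http://example.org/ac/classes/mfa/default" />
        </list>
    </property>
</bean>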
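<!--
  Second Duo integration with its own API host and keys (idp.specialduo.*):
  advertises the "mfa/special" authentication context class (SAML 2) and
  authentication method (SAML 1).

  NOTE(review): the published snippet carried a fused attribute
  (classparent="...duoDuo.BasicDuoIntegrationDuoIntegration"), which looks like
  two alternative declarations merged by the page renderer:
    class="net.shibboleth.idp.authn.duo.BasicDuoIntegration"
    parent="shibboleth.authn.Duo.DuoIntegration"
  The class form is used here; confirm which one matches your IdP version.

  Each %{...:none} placeholder falls back to the literal string "none" when the
  property is undefined, so a missing property is not caught by placeholder
  resolution. Define every idp.specialduo.* property explicitly, and use keys
  distinct from the default integration so the two can be rotated or revoked
  independently. Keep the secretKey and applicationKey values in a properties
  file readable only by the IdP service account and out of version control.
-->
<bean id="SpecialDuo" class="net.shibboleth.idp.authn.duo.BasicDuoIntegration"
      p:APIHost="%{idp.specialduo.apiHost:none}"
      p:applicationKey="%{idp.specialduo.applicationKey:none}"
      p:integrationKey="%{idp.specialduo.integrationKey:none}"
      p:secretKey="%{idp.specialduo.secretKey:none}">
    <property name="supportedPrincipals">
        <list>
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                  c:classRef="http://example.org/ac/classes/mfa/special" />
            <bean parent="shibboleth.SAML1AuthenticationMethod"
                  c:method="http://example.org/ac/classes/mfa/special" />
        </list>
    </property>
</bean>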
<!--
  Candidate integrations in precedence order. The selection script walks this
  list front to back and stops at the first acceptable entry, so SpecialDuo is
  considered before DefaultDuo.
-->
<util:list id="DuoIntegrationList">
    <ref bean="SpecialDuo" />
    <ref bean="DefaultDuo" />
</util:list>
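<!--
  Scripted strategy that chooses which Duo integration handles a request.
  The list bean DuoIntegrationList is injected as the script's "custom" object.
  The value of the script's final expression is the selected integration, or
  null when no integration in the list is acceptable.

  NOTE(review): confirm that a null result makes the Duo flow fail rather than
  fall back to some other integration; a request for the "special" context
  must never be satisfied by the default integration's credentials.

  A stray trailing "|" after the closing tag (table residue from the page) has
  been removed; character data is not allowed between bean definitions.
-->
<bean id="shibboleth.authn.Duo.DuoIntegrationStrategy" parent="shibboleth.ContextFunctions.Scripted"
      factory-method="inlineScript"
      p:customObject-ref="DuoIntegrationList">
    <constructor-arg>
        <value>
<![CDATA[
// Nothing selected yet.
duo = null;
// Authentication state for the current request, looked up by class name.
authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
// "custom" is the injected DuoIntegrationList; iteration order is list order.
iter = custom.iterator();
while (duo == null && iter.hasNext()) {
duo = iter.next();
// Discard a candidate the authentication context does not accept
// (presumably because its supportedPrincipals do not satisfy the request; verify).
if (!authCtx.isAcceptable(duo)) {
duo = null;
}
}
// Last expression is the script result: first acceptable integration, else null.
duo;
]]>
        </value>
    </constructor-arg>
</bean>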