1 files changed, 25 insertions, 0 deletions

diff --git a/conf-from-container/conf/authn/duo-authn-config.xml b/conf-from-container/conf/authn/duo-authn-config.xml
new file mode 100644
index 0000000..0a48152
--- /dev/null
+++ b/conf-from-container/conf/authn/duo-authn-config.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+    default-init-method="initialize" default-destroy-method="destroy">
+
+    <!--
+    By default, the Duo flow will use a statically-defined integration defined with the
+    duo.properties file. If you need more flexibility, you can define a function bean
+    called "shibboleth.authn.Duo.DuoIntegrationStrategy" to return an instance of
+    net.shibboleth.idp.authn.duo.DuoIntegration based on the state of the request.
+
+    The Duo flow is designed to operate in conjunction with some other login flow,
+    usually orchestrated by the MFA login flow. It obtains the username to send to
+    Duo based on the output of the other login flow or a previous session with the
+    user. You can override that approach using a function bean called
+    "shibboleth.authn.Duo.UsernameLookupStrategy" to supply the username from a
+    different source.
+    -->
+
+</beans>