Two-factor authentication requires a user to log in with a username, password and a second factor, such as a Duo two-factor option. You can configure your website to require two-factor authentication to provide greater security for your service.
Configuration Option 1 - Apache Users
Apache 2.4
AuthType shibboleth
ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa
ShibRequestSetting requireSession 1
<RequireAll>
Require authnContextClassRef "https://refeds.org/profile/mfa"
Require shib-session
</RequireAll>
Apache 2.2
AuthType shibboleth ShibRequestSetting authnContextClassRef https://refeds.org/profile/mfa ShibRequestSetting requireSession 1 ShibRequireAll on ShibCompatWith24 on Require shib-session Require authnContextClassRef "https://refeds.org/profile/mfa"
If this site only require Two-Factor for certain location, this configuration will not work reliably. If the user doesn't have valid session and requests content in the Two Factor requireddirectory first, two-factor will be enforced. If the user requests content from your site that NOT requires Two Factor and then requests content in the Two Factor directory, user may get authorization deny error if user hasn't completed two factor.