ECP MFA -- 'mfa-authn-config.xml'

[Cantor, Scott]

> Should "p:nonBrowserSupported="false"" -- be changed to "true" (I've
> previously tried either -- but I may have messed up elsewhere). I have set up
> duo.properties for the default 'idp.duo.nonbrowser.*' keys.

It has to be true, self-evidently (ECP is not a browser), but it is absent (and true) by default on the MFA flow.

It's false for Duo by default because you need to deploy a second integration of a different type in Duo to support non-browser AuthAPI use.
 
-- Scott