CAS 6.0.3 and DUO per service/ per attribute not forcing MFA


K S

May 16, 2019, 5:01:38 PM
to CAS Community
I am having an issue running CAS 6.0.3 and MFA DUO per service / per attribute configured in JSON files. The configuration goes like this. During deploy time I also see the error below:


2019-05-16 13:44:54,091 WARN [org.apereo.cas.services.util.RegisteredServiceMultifactorPolicyDeserializationProblemHandler] - <Found legacy attribute value [NOT_SET] which will be converted to [UNDEFINED] as part of a service multifactor authentication policy.The definition SHOULD manually be upgraded to the new supported syntax>


application.properties 

cas.authn.mfa.duo[0].trustedDeviceEnabled=false
cas.authn.mfa.duo[0].id=mfa-duo
cas.authn.mfa.duo[0].name=mfa-duo
cas.authn.mfa.duo[0].registrationUrl=https://xxx.yyy.zz/duo/
cas.authn.mfa.duo[0].rank=1
cas.authn.mfa.duo[0].duoSecretKey=3sdixxxxxxxxxxxxxxxpmXH7Z8OG
cas.authn.mfa.duo[0].duoApplicationKey=b38xxxxxxxxxxxx2465d1f
cas.authn.mfa.duo[0].duoIntegrationKey=DIOTPxxxxxxxxxxxxXXQ6Y
cas.authn.mfa.duo[0].duoApiHost=apixxxxxxx.duosecurity.com

service_id.json

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https*://xxx.yyyyy.com.*",
  "name" : "Handshake",
  "description" : "",
  "id" : 1422000,
  "theme" : "MY",
  "evaluationOrder" : 45500,
  "multifactorPolicy" :
  {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo" ] ],
    "principalAttributeNameTrigger" : "memberOf",
    "principalAttributeValueToMatch" : "CN=IDM-duousers,OU=xx,DC=xx,DC=yy,DC=zz"
  },
  "usernameAttributeProvider" :
  {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
    "canonicalizationMode" : "LOWER",
    "encryptUsername" : false
  }
}
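
A configuration check for the two files above, added here as an example and not part of the original post or of CAS itself: it cross-checks the Duo provider id between application.properties and the service definition, flags the NOT_SET value named in the startup warning, and tests the attribute trigger against a principal's resolved attributes. The inputs are constructed from the post; the function names, the "failureMode" field carrying NOT_SET, and the use of Python's re.search in place of CAS's own matcher are assumptions.

```python
import json
import re

# Constructed inputs modelled on the post's files (placeholders kept as posted).
PROPERTIES = "cas.authn.mfa.duo[0].id=mfa-duo\ncas.authn.mfa.duo[0].rank=1\n"
SERVICE_JSON = """{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^https*://xxx.yyyyy.com.*",
  "multifactorPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders": ["java.util.LinkedHashSet", ["mfa-duo"]],
    "failureMode": "NOT_SET",
    "principalAttributeNameTrigger": "memberOf",
    "principalAttributeValueToMatch": "CN=IDM-duousers,OU=xx,DC=xx,DC=yy,DC=zz"
  }
}"""
# "failureMode" above is an assumption: the post does not show which field holds NOT_SET.

def duo_provider_ids(properties_text):
    """Return the ids declared on cas.authn.mfa.duo[n].id lines."""
    pattern = r"^cas\.authn\.mfa\.duo\[\d+\]\.id=(.+)$"
    return {m.group(1).strip() for m in re.finditer(pattern, properties_text, re.M)}

def lint_service(service_text, provider_ids, principal_attrs):
    """Return findings for one service file, given a principal's resolved attributes."""
    policy = json.loads(service_text).get("multifactorPolicy", {})
    findings = []
    # Values the startup warning calls legacy, whichever policy field carries them.
    findings += [f"legacy NOT_SET in {k}" for k, v in policy.items() if v == "NOT_SET"]
    # Providers are wrapped as [collection type, [ids]]; each id must be declared.
    wrapped = policy.get("multifactorAuthenticationProviders", ["", []])
    findings += [f"undeclared provider {p}" for p in wrapped[1] if p not in provider_ids]
    name = policy.get("principalAttributeNameTrigger")
    value = policy.get("principalAttributeValueToMatch")
    if bool(name) != bool(value):
        findings.append("trigger needs both attribute name and value pattern")
    elif name:
        # re.search stands in for CAS's own matcher here (assumption).
        held = principal_attrs.get(name, [])
        if not any(re.search(value, v) for v in held):
            findings.append(f"no {name} value matches the trigger pattern")
    return findings

if __name__ == "__main__":
    ids = duo_provider_ids(PROPERTIES)
    member = {"memberOf": ["CN=IDM-duousers,OU=xx,DC=xx,DC=yy,DC=zz"]}
    for label, attrs in (("member", member), ("no memberOf resolved", {})):
        print(label, lint_service(SERVICE_JSON, ids, attrs))
```

The second case models a principal for whom memberOf was never resolved, so the trigger has nothing to match even though the service definition is consistent.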
