IdP 3.2 and multiple Duo Applications

Yavor Yanakiev yavor at nyu.edu
Tue Dec 15 21:20:38 EST 2015


The idea is to have just a few, 3 or 4, Duo flows, which will be used by all
SPs that fit in a particular category. For example, some SPs will not use the
"Trusted Devices" setting in their flow.
It was possible to define the Duo application arguments per LoginHandler in
IdP v2.x, but at the moment even the Duo-provided IdP v3 integration doesn't
give you this option.


On Tue, Dec 15, 2015 at 8:01 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 12/15/15, 7:12 PM, "users on behalf of Yavor Yanakiev" <
> users-bounces at shibboleth.net on behalf of yavor at nyu.edu> wrote:
>
>
>
> >We use Duo integration based on Unicon/University of Chicago setup but it
> >seems to have one crucial limitation: it doesn't support multiple Duo
> >applications. At the moment, the Duo arguments related to the application
> >are provided by properties with fixed
> >names which are hard-coded into DuoAuthenticationService.groovy
>
> I think that's largely impractical, based on my understanding, because you
> would need separate shared secrets and identification strings for every SP
> for that to work. One could build out some kind of table logic to handle it
> for a subset I guess, but it appears to just be largely impractical to me
> with their design. A flaw I think, but not sure it's really solvable.
>
> -- Scott
>
>


-- 
Yavor Yanakiev
Systems Developer for Identity Services
212-992-7585