IdP 3.2 and DuoSecurity options
Rich Graves
rgraves at carleton.edu
Thu Dec 31 13:21:14 EST 2015
> As for 3.2. I've been testing the Unicon module with 3.2 on latest Jetty, and aside from a minor issue with Duo.vm not handling $requestContext properly, it seems to work just fine.
Hmm, maybe I'll try it again. The instructions didn't exactly apply, as some paths have changed.
I'm also giving the Duo package a try. It has some nice fail-safe behavior (shib-mfa-duo-auth issue #9). It doesn't do authentication contexts as "correctly" as Unicon's version, so I could not make specific SPs demand Duo (or Gold/Silver), but I don't currently need that feature. All I really want is to be able to toggle Duo on and off with a per-user LDAP attribute, which looks doable either at the Spring level or by injecting the LDAP call into their DuoShibboleth.java.
More information about the users
mailing list