Odd Duo Exception after upgrading to 3.3.0 from 3.2.0

Cantor, Scott cantor.2 at osu.edu
Fri Feb 3 17:45:43 EST 2017


On 2/3/17, 5:32 PM, "users on behalf of Christopher Bongaarts" <users-bounces at shibboleth.net on behalf of cab at umn.edu> wrote:

>  The two changes we made that we effectively reverted to the 3.3.0 delivered version were the contextConfigLocation
> values, which we had modified as directed by the Duo module docs.  The one at the webapp level is different between
> (stock) 3.2.1 and (stock) 3.3.0:

Right, but one is a superset of the other, and their flow couldn't have been depending on the new values.

What we changed in 3.3 was just to deprecate the original hook we provided and to formally define a pre- and post- hook that could explicitly control its interactions with our own system beans.

> So our mucking with the values, and/or the (lack of) change to the webapp-level parameter, apparently is enough to make
> the IdP unable to find certain parent flows (Mark's couldn't find the c10n flow; in our case it couldn't find the abstract
> authn flow).

There's an explicit mechanism in 3.3 for jars to define flows to the system on the fly now, so the original cause of the problem, whatever it is, should be fixed for extension authors in the future. There really was no way to define flows without copying files into idp.home/flows/, that was simply a requirement pre-3.3.

I know roughly what the problem was, I just don't know how the web.xml changes could have fixed it. Very weird.

-- Scott




More information about the users mailing list