Failure when using MFA with SP requiring exact match on PasswordProtectedTransport
cantor.2 at osu.edu
Fri May 5 16:30:00 EDT 2017
On 5/5/17, 1:18 PM, "users on behalf of Leite, Zailo S." <users-bounces at shibboleth.net on behalf of zleite at caltech.edu> wrote:
> What am I doing wrong?
Nothing necessarily, but normal use of the MFA flow with RemoteUser and Duo as the constituent parts should be scripted such that RemoteUser runs and then Duo runs, and if you do that, then the "merged" result of a Duo execution will be a Subject that carries both the Duo and RemoteUser supportedPrincipal sets. That would not result in the error you're getting. So you're doing something wrong, perhaps, but it isn't in any of the basic configuration, probably more in what your MFA rules are doing.
More information about the users