Shibboleth 3.3.1 and Duo

privas pedro.rivas664 at csuci.edu
Fri May 26 11:55:52 EDT 2017 

Hi All,

I was able to setup Duo and Shibboleth 3.2.1 but it was dropping my ECP
requests needed by Office 365 for basic auth and now I'm trying to set up
Duo after upgrading my test environment to 3.3.1. I've modified my
conf/authn/general-authn.xml file to contain:

       <bean id="authn/Duo" parent="shibboleth.AuthenticationFlow"
                p:forcedAuthenticationSupported="true"
                p:nonBrowserSupported="false">
            
            <property name="supportedPrincipals">
                <list>
                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
                        c:classRef="http://id.incommon.org/assurance/mfa" />
                    <bean parent="shibboleth.SAML1AuthenticationMethod"
                        c:method="http://id.incommon.org/assurance/mfa" />
                </list>
            </property>
        </bean>

        <bean id="authn/MFA" parent="shibboleth.AuthenticationFlow"
                p:passiveAuthenticationSupported="true"
                p:forcedAuthenticationSupported="true">
            
            <property name="supportedPrincipals">
                <list>
                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
                        c:classRef="http://id.incommon.org/assurance/mfa" />
                    <bean parent="shibboleth.SAML1AuthenticationMethod"
                        c:method="http://id.incommon.org/assurance/mfa" />
                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
                       
c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" />
                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
                       
c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
/>
                    <bean parent="shibboleth.SAML2AuthnContextClassRef"
                       
c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
                    <bean parent="shibboleth.SAML1AuthenticationMethod"
                        c:method="urn:oasis:names:tc:SAML:1.0:am:password"
/>
                </list>
            </property>
        </bean>

My conf/authn/duo.properties file has the correct information and that file
is referenced in idp.properties idp.additionalProperties property.

After logging in, MFA flow won't kick in and I can't find any reference to
Duo in my logs except under the startup script:
2017-05-26 15:54:55,561 - DEBUG
[net.shibboleth.idp.profile.spring.factory.FlowDefinitionRegistryFactoryBean:240]
- Registered flow ID 'authn/Duo' using 'file
[/opt/shibboleth-idp/flows/../system/flows/authn/duo-authn-flow.xml]'


Any help would be greatly appreciated!








--
View this message in context: http://shibboleth.1660669.n2.nabble.com/Shibboleth-3-3-1-and-Duo-tp7633434.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.

More information about the users mailing list