Shibboleth 3.3.3 and Duo MFA Issue

[Alexandre Adao]

Thank you for your fast response.

On Thu, Jul 19, 2018 at 4:38 PM Cantor, Scott <cantor.2 at osu.edu> wrote:

> > I am running Shibboleth Idp version 3.3.3. I am trying configure
> Shibboleth
> > with Duo MFA. I followed the instructions from both sources:
> > https://mimoto.co.uk/shibboleth-idp/duo/mfa/2017/06/01/duo-mfa-in-
> > shibboleth-idp.html
>
> Which is not our documentation and not anything I'm going to read or
> comment on.
>
> > and
> https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration
>
> That's only half the picture. You have to use the MFA flow as a driver for
> the logic to apply for when to trigger both factors, which is documented in
> its own right in its own topic, and it comes with examples that are
> directly adaptable to use Duo as the second factor, you just transplant
> IPAddress + Password in the shipped example to Password + Duo instead, at
> least as a starting point.
>
> > The idp-process.log shows that I am having problems as follows:
>
> That's entirely non-specific, but it suggests you aren't using the MFA
> flow or at least not using it correctly, so I would have to suggest you
> start with that documentation. If the setting in idp.properties to control
> which login flow to run doesn't have only the MFA flow active, you're
> probably not doing things as documented. If you do, then you probably have
> something misconfigured in the supportedPrincipals collections for the
> various flows in general-authn.xml that aren't fitting together.
>
> -- Scott
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180719/2a3a5c09/attachment.html>