Shibboleth 3.3.3 and Duo MFA Issue

Alexandre Adao alexadao at
Thu Jul 19 17:01:59 EDT 2018

Thank you for your fast response.

On Thu, Jul 19, 2018 at 4:38 PM Cantor, Scott <cantor.2 at> wrote:

> > I am running Shibboleth Idp version 3.3.3. I am trying configure
> Shibboleth
> > with Duo MFA. I followed the instructions from both sources:
> >
> > shibboleth-idp.html
> Which is not our documentation and not anything I'm going to read or
> comment on.
> > and
> That's only half the picture. You have to use the MFA flow as a driver for
> the logic to apply for when to trigger both factors, which is documented in
> its own right in its own topic, and it comes with examples that are
> directly adaptable to use Duo as the second factor, you just transplant
> IPAddress + Password in the shipped example to Password + Duo instead, at
> least as a starting point.
> > The idp-process.log shows that I am having problems as follows:
> That's entirely non-specific, but it suggests you aren't using the MFA
> flow or at least not using it correctly, so I would have to suggest you
> start with that documentation. If the setting in to control
> which login flow to run doesn't have only the MFA flow active, you're
> probably not doing things as documented. If you do, then you probably have
> something misconfigured in the supportedPrincipals collections for the
> various flows in general-authn.xml that aren't fitting together.
> -- Scott
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list