Disable Duo for ECP

Cantor, Scott cantor.2 at osu.edu
Mon Mar 19 12:17:57 EDT 2018

> If you're using the MFA flow, you can check for the ECP profile in your script
> and, if it's being used, force password:
> If (profileContext.getProfileId() ==
> http://shibboleth.ent/ns/profiles/saml2/sso/ecp)

Or check !profileContext.isBrowserProfile() if you want to be generic.

I have Maryland's Duo Auth API code that works with ECP, I'm still digesting it and have just been too busy on the SP to deal with it.

Being that AWS CLI is a pretty common use case for this, I have to wonder whether anybody is pushing them to fix that "one hour maximum" limitation on the temp credentials they issue.

-- Scott

More information about the users mailing list