Headers for non-browser Duo auth in 3.4.3

Cantor, Scott cantor.2 at osu.edu
Thu Feb 28 16:04:06 EST 2019


On 2/28/19, 3:44 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> We upgraded to IdP 3.4.3 this morning, and all seemed well until someone came through using our AWS command-line
> login that utilizes ECP and passes in the X-Shibboleth-Duo-Factor and X-Shibboleth-Duo-Passcode headers. This worked
> on 3.3.2 with John Pfeifer's DuoAuthAPI module. It's not working now, and the IdP seems to be ignoring the headers:

If you're still using his code and not the built-in code, I would imagine that could be a problem for reasons unknown, but if not, I know the new code works. I don't think the headers I used are named the same as they were in his contributed code, FWIW, but I don't know what they were. I just seem to recall changing them.

> Is there a bug? Or could there be come other reason that the IdP seems to be ignoring the values of these headers
> getting passed in?

Web server I guess, but I've tested all the headers at different times.

-- Scott




More information about the users mailing list