Shib with DUO MFA
ndk at signet.id
Fri May 31 15:27:31 EDT 2019
You're sending the user directly to the Duo login handler, which won't work because it doesn't have a username to validate:
> Caused by: com.duosecurity.duoweb.DuoWebException: ERR|The username passed to sign_request() is invalid.
> at net.shibboleth.idp.authn.duo.impl.DuoSupport.generateSignedRequestToken(DuoSupport.java:84)
You'll want to write an MFA script that does password-based authentication first and then transitions into Duo.
More information about the users