Shib with DUO MFA
Nate Klingenstein
ndk at signet.id
Fri May 31 15:27:31 EDT 2019
Gerry,
You're sending the user directly to the Duo login handler, which won't work because it doesn't have a username to validate:
> Caused by: com.duosecurity.duoweb.DuoWebException: ERR|The username passed to sign_request() is invalid.
>
> at net.shibboleth.idp.authn.duo.impl.DuoSupport.generateSignedRequestToken(DuoSupport.java:84)
You'll want to write an MFA script that does password-based authentication first and then transitions into Duo.
https://wiki.shibboleth.net/confluence/display/IDP30/MultiFactorAuthnConfiguration
Best wishes,
Nate.
More information about the users
mailing list