Shib with DUO MFA

Nate Klingenstein ndk at
Fri May 31 15:27:31 EDT 2019


You're sending the user directly to the Duo login handler, which won't work because it doesn't have a username to validate:

> Caused by: com.duosecurity.duoweb.DuoWebException: ERR|The username passed to sign_request() is invalid.
>             at net.shibboleth.idp.authn.duo.impl.DuoSupport.generateSignedRequestToken(

You'll want to write an MFA script that does password-based authentication first and then transitions into Duo.

Best wishes,

More information about the users mailing list