Failmode of Duo Authentication Flow
Cantor, Scott
cantor.2 at osu.edu
Mon Feb 3 08:27:25 EST 2020
> We're trying configuring the failmode of Duo authentication flow. It seems like
> that Duo provides an optional parameter, "duo.failmode", which should be
> configurable in duo.properties file. However, I don't see any comments in
> duo.properties file for this parameter. And also, there is no "failmode" field in
> the "net.shibboleth.idp.authn.duo.BasicDuoIntegration" class. I'm wondering if
> there is a way to set the failmode of Duo authentication? The version of our
> current IdP is V3.3. Any suggestion would be helpful.
Whatever documentation you are looking at has nothing to do with Shibboleth and is not correct. There is no such property in the supported flow.
However, since the primary use of the flow is via the MFA feature, the intention is that you are free to implement whatever pre-flight checking and failure handling you want via that configuration with your own code. It doesn't need to be part of the Duo flow, or specific to Duo, since the issue would apply to any third party authentication system.
-- Scott
More information about the users
mailing list