Failmode of Duo Authentication Flow

Cantor, Scott cantor.2 at
Mon Feb 3 08:27:25 EST 2020

> We're trying configuring the failmode of Duo authentication flow. It seems like
> that Duo provides an optional parameter, "duo.failmode", which should be
> configurable in file. However, I don't see any comments in
> file for this parameter. And also, there is no "failmode" field in
> the "net.shibboleth.idp.authn.duo.BasicDuoIntegration" class. I'm wondering if
> there is a way to set the failmode of Duo authentication? The version of our
> current IdP is V3.3. Any suggestion would be helpful.

Whatever documentation you are looking at has nothing to do with Shibboleth and is not correct. There is no such property in the supported flow.

However, since the primary use of the flow is via the MFA feature, the intention is that you are free to implement whatever pre-flight checking and failure handling you want via that configuration with your own code. It doesn't need to be part of the Duo flow, or specific to Duo, since the issue would apply to any third party authentication system.

-- Scott

More information about the users mailing list