Failmode of Duo Authentication Flow

Lee Foltz foltz2 at oakland.edu
Fri Jan 31 14:19:25 EST 2020


This is outlined here below, and an example of what we use.  We are running
IDP 3.4.6
https://wiki.shibboleth.net/confluence/pages/viewpage.action?pageId=32112643


Configured in duo.properties
idp.duo.failmode = safe
idp.duo.failmode = secure

safe mode - In the event that Duo's service cannot be contacted, users'
authentication attempts will be permitted if primary authentication
succeeds. (Default)
secure mode - In the event that Duo's service cannot be contacted, all
users' authentication attempts will be rejected.

On Fri, Jan 31, 2020 at 2:05 PM Zunan Dong <zunan.dong at utoronto.ca> wrote:

> Hi Team,
>
> Our organization is trying to integrate Duo with Shibboleth IdP.
>
> We're trying to configure the failmode of Duo authentication flow. It
> seems that Duo provides an optional parameter, "duo.failmode",
> which should be configurable in duo.properties file. However, I don't
> see any comments in duo.properties file for this parameter. And also,
> there is no "failmode" field in the
> "net.shibboleth.idp.authn.duo.BasicDuoIntegration" class. I'm wondering
> if there is a way to set the failmode of Duo authentication? The version
> of our current IdP is V3.3. Any suggestion would be helpful.
>
> Appreciated,
>
> --
> Zunan Dong
> Authentication Systems Specialist
> Information Security
> Information Technology Services
> University of Toronto
> Email: zunan.dong at utoronto.ca
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>


-- 
Lee Foltz
Oakland University - UTS
Senior Identity and Access Management Engineer

248-370-2675
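
An added example, not part of the original message or of Shibboleth's own code: a small audit that reads the text of a duo.properties file and reports which `idp.duo.failmode` value is effective. It assumes the file is loaded with `java.util.Properties` semantics, where the last assignment of a repeated key wins (so the two lines shown above, copied verbatim, would yield `secure`); the function names and sample inputs are constructed for illustration.

```python
import re

KEY = "idp.duo.failmode"      # property name as given in the message above
DEFAULT_FAILMODE = "safe"     # default stated in the message above
KNOWN = ("safe", "secure")    # the two modes the message describes


def parse_properties(text):
    """Yield (lineno, key, value) for simple 'key = value' lines.

    Simplification: no line continuations or escape handling.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":        # blank or comment line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            yield lineno, m.group(1), m.group(2).strip()


def audit_failmode(text):
    """Return (effective_value, findings) for the Duo failmode setting."""
    hits = [(n, v) for n, k, v in parse_properties(text) if k == KEY]
    findings = []
    if not hits:
        # Nothing set: the default applies, which permits logins when
        # Duo cannot be contacted.
        return DEFAULT_FAILMODE, [f"{KEY} not set: default 'safe' applies"]
    effective = hits[-1][1]                    # assumption: last one wins
    if len(hits) > 1:
        lines = ", ".join(str(n) for n, _ in hits)
        findings.append(f"{KEY} set {len(hits)} times (lines {lines}); "
                        f"last value '{effective}' is effective")
    if effective not in KNOWN:
        findings.append(f"unrecognized value '{effective}'")
    elif effective == "safe":
        findings.append("fail open: second factor is skipped if Duo is unreachable")
    return effective, findings


if __name__ == "__main__":
    # Constructed sample: both lines from the message copied as-is.
    sample = "idp.duo.failmode = safe\nidp.duo.failmode = secure\n"
    mode, notes = audit_failmode(sample)
    print(mode)
    for note in notes:
        print(" -", note)
```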