Shibboleth v4.1.2 and DuoOIDC

Mark Boyce Mark.Boyce at ucop.edu
Fri Aug 20 16:24:56 UTC 2021 

Hi Philip,

Yes we're all "fixed"... thanks for following up.

Thanks,
m.

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Philip Smart via users
Sent: Friday, August 20, 2021 11:13 AM
To: users at shibboleth.net
Cc: Philip Smart <Philip.Smart at jisc.ac.uk>
Subject: Re: Re: Shibboleth v4.1.2 and DuoOIDC

Hi Mark,

Did you manage to fix the DuoOIDC error you were seeing?

Generally, the error 'Duo 2FA health check responded with a failure status of: invalid_client’ relates either to an invalid client ID (idp.duo.oidc.clientId) and or client secret (idp.duo.oidc.secretKey). That is, just make sure those properties are set (and loaded) correctly and correspond to those in your 'protected application’ in the Duo admin panel.

The health check step checks with Duo that you have a registered client and the correct corresponding client secret - which they do by verifying a HMAC of the clientID inside a JWT sent in the health check request.

Phil

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice
-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list