Duo and SMS not supported
Wessel, Keith
kwessel at illinois.edu
Thu Feb 4 20:36:19 UTC 2021
Hi, all,
I had a user report not being able to use SMS with the IdP's non-browser flow (2FA with ECP). I know that this worked back when we were using Maryland's module before it was integrated into the IdP. The factor header was set to sms, and the authentication would fail but an SMS code was sent. Then, the user could authenticate again and supply the code they got from the text message.
I'm not sure if this stopped working when we switched from the Maryland code to the built-in code or if it was later, but we now see:
2021-02-04 14:21:17,977 - WARN [net.shibboleth.idp.authn.duo.impl.ExtractDuoAuthenticationFromHeaders:205] - Profile Action ExtractDuoAuthenticationFromHeaders: Request for SMS codes unsupported
Is there a reason this isn't supported? I agree that the having to log in twice was clunky, but we had users who liked it.
Thanks,
Keith
More information about the users
mailing list