Duo and SMS not supported

Wessel, Keith kwessel at illinois.edu
Thu Feb 4 20:36:19 UTC 2021


Hi, all,

I had a user report not being able to use SMS with the IdP's non-browser flow (2FA with ECP). I know that this worked back when we were using Maryland's module before it was integrated into the IdP. The factor header was set to sms, and the authentication would fail but an SMS code was sent. Then, the user could authenticate again and supply the code they got from the text message.

I'm not sure if this stopped working when we switched from the Maryland code to the built-in code or if it was later, but we now see:

2021-02-04 14:21:17,977 - WARN [net.shibboleth.idp.authn.duo.impl.ExtractDuoAuthenticationFromHeaders:205] - Profile Action ExtractDuoAuthenticationFromHeaders: Request for SMS codes unsupported

Is there a reason this isn't supported? I agree that the having to log in twice was clunky, but we had users who liked it.

Thanks,
Keith



More information about the users mailing list