Help with setting up Duo Admin Panel and Shibboleth

Melvin Lasky melvin.lasky at
Thu Jan 27 23:47:51 UTC 2022

Hey All,
	I’ve been having a hard time setting up Duo Admin Panel with Shibboleth so if anyone can shed some light that be great.

I keep getting:

Invalid response from SSO provider.

I tried unencrypted assertions with my 

        <bean parent="RelyingPartyByName" c:relyingPartyIds=“xxxxx">
            <property name="profileConfigurations">
                    <bean parent="SAML2.SSO" p:encryptAssertions="false" />

(Where XXX is my Duo URL stuff)

But that didn’t work.

I saw this in there document ( <>)

	• If the IdP is not signing both the assertion and the response. Duo requires that ADFS, Azure, Duo Access Gateway, Okta, and Shibboleth sign both the assertion and the response.
		• To resolve this issue when using one of these IdPs, configure the IdP to sign both the assertion and the response.


How do I do that? I assume signing the assertion is just me taking out that relying party section but how do I sign the response?

Thanks for your help!

Any suggestions would be greatly appreciated!


Melvin Lasky
Associate Director of Enterprise Architecture

Riverdale, NY 10471
Phone: 718-862-7410
melvin.lasky at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.jpeg
Type: image/jpeg
Size: 3547 bytes
Desc: not available
URL: <>

More information about the users mailing list