Help with setting up Duo Admin Panel and Shibboleth
Melvin Lasky
melvin.lasky at manhattan.edu
Thu Jan 27 23:47:51 UTC 2022
Hey All,
I’ve been having a hard time setting up Duo Admin Panel with Shibboleth so if anyone can shed some light that be great.
I keep getting:
Invalid response from SSO provider.
I tried unencrypted assertions with my
<bean parent="RelyingPartyByName" c:relyingPartyIds=“xxxxx">
<property name="profileConfigurations">
<list>
<bean parent="SAML2.SSO" p:encryptAssertions="false" />
</list>
</property>
</bean>
(Where XXX is my Duo URL stuff)
But that didn’t work.
I saw this in there document (https://help.duo.com/s/article/4388?language=en_US <https://help.duo.com/s/article/4388?language=en_US>)
• If the IdP is not signing both the assertion and the response. Duo requires that ADFS, Azure, Duo Access Gateway, Okta, and Shibboleth sign both the assertion and the response.
• To resolve this issue when using one of these IdPs, configure the IdP to sign both the assertion and the response.
——
How do I do that? I assume signing the assertion is just me taking out that relying party section but how do I sign the response?
Thanks for your help!
Any suggestions would be greatly appreciated!
Mel
Melvin Lasky
Associate Director of Enterprise Architecture
Riverdale, NY 10471
Phone: 718-862-7410
melvin.lasky at manhattan.edu
www.manhattan.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220127/da07810e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.jpeg
Type: image/jpeg
Size: 3547 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220127/da07810e/attachment.jpeg>
More information about the users
mailing list