Help with setting up Duo Admin Panel and Shibboleth
Cantor, Scott
cantor.2 at osu.edu
Fri Jan 28 16:17:50 UTC 2022
I'm mistaken, deep apologies to Mark (who correctly questioned me on it). The missing link is that they are unusual in that they issue the request for the persistent NameID on the wire, it's in the request, not the metadata so I overlooked it until I checked my logs when pressed on it. So that is the fix and that's why.
As I said originally, don't waste time on configuration second guessing. USE YOUR LOGS folks. It's all right there (even when I'm the one doing the looking).
The logs in this case would likely have shown the IdP responding with a SAML error, which would have made the problem quite clear.
-- Scott
On 1/28/22, 10:33 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
On 1/27/22, 10:48 PM, "users on behalf of Melvin Lasky via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> Thanks so much! That did it.
If that fixed anything, then your problem was an incorrect set of mappings on the RP side for how to pull in the data. My IdP does not send the email address in the NameID and it's definitely working fine.
-- Scott
More information about the users
mailing list