Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1448

Duplicate/missing configuration property in duo.properties breaks non-browser factor selection

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 3.4.3
    • Fix Version/s: 3.4.4
    • Component/s: Configuration, Duo
    • Labels:
      None
    • Operating System:
      Windows
    • Java Version:
      Oracle Java 8
    • Servlet Container:
      Apache Tomcat 8.5

      Description

      In the shipping version of duo.properties, the following "three" configuration keys are defined:

      ## Request header names for Duo non-browser credentials.
      idp.duo.nonbrowser.header.factor = X-Shibboleth-Duo-Factor
      idp.duo.nonbrowser.header.device = X-Shibboleth-Duo-Device
      idp.duo.nonbrowser.header.factor = X-Shibboleth-Duo-Passcode

      Per duo-authn-beans.xml, the third (duplicated) configuration key should read as "idp.duo.nonbrowser.header.passcode" instead.

      This prevents passcode-based non-browser Duo authentication flows from succeeding (since the IdP will default to "auto" instead).

      The workaround is trivial: rename the configuration key in duo.properties. This may be the root cause of https://github.com/techservicesillinois/awscli-login/issues/29.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tzeller@shibboleth.net Tom Zeller
              Reporter:
              mdomingues@uiowa.edu mdomingues@uiowa.edu
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: