1

I am using ITfoxtec.Identity.Saml2.Mvc version 4.7.1, .Net Framework version 4.7.2, and Duo Security for my IDp.

I've already tried this solution. When I use this example, it returns a Saml2AuthnResponse with a status of Responder.

I have also tried adding Format to the NameID as shown below. I have confirmed that the format matches the setting in Duo Security.

var config = new Saml2AuthnRequest(IdentityConfig.Saml2Configuration)
     {
          Subject = new Subject { NameID = new NameID { ID = form.EmailAddress, 
          Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" } }
     };

And tried added it this way:

     var config = new Saml2AuthnRequest(IdentityConfig.Saml2Configuration)
          {
               NameId = new Saml2NameIdentifier(form.EmailAddress),
          };

Which does return a success status but it then redirects to a page to enter the email address. I am wanting it to go straight to the password input page.

Logan
  • 11
  • 1

1 Answers1

0

Your code looks correct:

new Saml2AuthnRequest(IdentityConfig.Saml2Configuration)
{ 
    Subject = new Subject 
    { 
        NameID = new NameID 
        {
            ID = form.EmailAddress, 
            Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        }
    }
};

You are getting the Responder status from Duo Security, which means they have experienced an error. I think you need to ask Duo Security what error they are experiencing and what they support.

Anders Revsgaard
  • 3,636
  • 1
  • 9
  • 25
  • 1
    Ok. Thanks for the response. We still haven't had time to get into contact with DUO yet, but it's good to have clarity that the problem isn't my code. Once we finally get it sorted, I'll update. – Logan Feb 04 '22 at 21:57