Internet2 Confluence has been upgrade to 7.19.20. Questions? Contact techsupport@internet2.edu.

Duo Security Outage - Responses and Planning for Future

Created by Dean Woodbeck (internet2.edu), last modified by Brett Bieber (unl.edu) on Feb 08, 2016

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

The following page offers advice for planning and handling outages to the Duo Security service.

Monitoring Duo

Duo offers a specific status page, https://status.duo.com/ with outage information, and is a good place to start.

Bypassing Duo

A few solutions were offered to support a fail-open integration, to allow AuthN to continue in a weakened state:

Configure IdP to check group membership before prompting for Duo, and remove users from the group to bypass.
1. Nebraska uses a CAS Duo Extension configured to check for a specific attribute value memberOf: cn=psp:orgs:idm:DuoEnabled,ou=grouper,ou=group,dc=unl,dc=edu
...

Communicating Change in AuthN Context to SPs

When the IdP is authenticating in bypass mode, what should be sent to SPs indicating that the AuthN context is different?

If Duo is part of the assurance, the IdP should not assert the assurance level.

No labels