DUO SSO with ADFS as IDP issue

benjishirley · ‎10-12-2020

Hi,

while debugging the issue configuring ADFS as Primary Authentication Factor for DUO SSO we figured out that the redirect URL Duo SSO generates pointing to our ADFS Servers contains the URL Query Parameter RelayState which is empty. Microsoft ADFS Server cannot process the SAML Request if &RelayState comes at the end ane throws this error.

This is a sample redirect URL:

https://adfs.company.domain/adfs/ls?SAMLRequest=rZJRb5swFIXf8ys....Q72CwD%3D&RelayState

And this the error on ADFS Server:
“System.ArgumentException: MSIS0024: The input string parameter is either null or empty.”

We managed to workaround the problem by stripping the parameter out on load-balancer.

jamieis · ‎10-12-2020

HI @benjishirley,

This is Jamie from our SSO team.

Thanks for writing in to report this. We had another case of this AD FS issue recently as well.

We’ve fixed the issue on our side and it should rolling out in the next week or two. I’ll be sure to post back here when it gets rolled out to everyone.

Thanks!

benjishirley · ‎10-12-2020

Hi Jamie,

thanks for your feedback and for keeping me updated. Appreciate you working on the issue.

Benjamin

jamieis · ‎10-22-2020

Hey @benjishirley,

I just wanted to let you know that this fixed has been rolled out!

Please let me know if you have any other questions

benjishirley · ‎10-22-2020

@jamie thanks for letting me know