cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
144
Views
0
Helpful
1
Replies

DUO SSO Generic SAML Connection

Robert-Parker
Level 1
Level 1

I have built out the connection using the Vendors Metadata file.  I have made the response NameID set to persistent.  I have set the Name attribute to email address and the Map attribute to email address and email address per the documentation of Vendor.

I get through the DUO MFA but get this error after the attempted redirect.  Can some explain what this error means.

 

{
  "error" : "invalid_request",
  "error_description" : "The request is missing a required parameter: redirect_uri",
  "error_reason" : "missing_redirect_uri"
}
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

In short, the error means the assertion is missing a redirect_uri. Double-check the vendor's SSO configuration instructions to see what it says about required attributes to receive back from the identity provider, and make sure they are configured in the Duo SSO generic app.

It's difficult to provide any more specific guidance without knowing what application you are trying to federate with Duo SSO. Can you share a link to their SSO instructions?

I'm wondering if you are actually configuring a generic OIDC SSO app vs a generic SAML app? Duo SSO OIDC apps have a specific redirect_uri field to populate as instructed by the external app vendor.

If it is, in fact, SAML, you may need to populate the "Service Provider Login URL" info in the Duo SSO generic SAML app as instructed by the other vendor.

Duo, not DUO.
Quick Links