We are seeing this issue as well, CAS 5.3.4 using MFA with Duo. We believe it is an issue Duo has introduced with their new API. See the yellow box under “User Account Status”: https://apereo.github.io/cas/5.3.x/installation/DuoSecurity-Authentication.html#user-account-status
Rather than wait for Duo to fix this, we are looking into ways to bypass this issue without disabling Duo entirely on our services, using Multifactor Authentication Bypass: https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#multifactor-authentication-bypass Have not gotten anywhere with this yet, if anyone has experience with those config settings, we could use your help. Greg On Thu, Feb 21, 2019 at 9:39 AM atilling <[email protected]> wrote: > CAS version 5.1.9 using MFA with DUO. We had this working fine for about > two years at this point. Tuesday it started causing problems for our > unenrolled users. We have the DUO setting "allow unenrolled users to pass > through without two-factor authentication" but sometime around 5 pm Tuesday > all unenrolled users started getting the error "The validation request for > ['ST-...'] cannot be satisfied. The request is either unrecognized or > unfulfilled." whenever logging into a Duo protected service. > > Has anyone else experienced this? Did something change with Duo in the > last 72 hours? We had to turn off Duo for these services and we don't want > to keep it off. > > Any help would be appreciated. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/d6587944-0b2a-492c-9922-b84d0047486f%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d6587944-0b2a-492c-9922-b84d0047486f%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Gregory Booth Senior Systems Administrator & Technical Team Lead IT Operations Information Technology Michigan Technological University (906) 487-1797 <9064871797> www.mtu.edu www.it.mtu.edu -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH%2BQwmhzWZgfTVapQ--LXEcNnOLF-dwC%2B%3D6zSLAtnF0hSnN2Vw%40mail.gmail.com.
