DUO SSO with ADFS as IDP issue

Hi,

while debugging the issue configuring ADFS as Primary Authentication Factor for DUO SSO we figured out that the redirect URL Duo SSO generates pointing to our ADFS Servers contains the URL Query Parameter RelayState which is empty. Microsoft ADFS Server cannot process the SAML Request if &RelayState comes at the end ane throws this error.

This is a sample redirect URL:

https://adfs.company.domain/adfs/ls?SAMLRequest=rZJRb5swFIXf8ys....Q72CwD%3D&RelayState

And this the error on ADFS Server:
“System.ArgumentException: MSIS0024: The input string parameter is either null or empty.”

We managed to workaround the problem by stripping the parameter out on load-balancer.

1 Like

HI @benjishirley,

This is Jamie from our SSO team.

Thanks for writing in to report this. We had another case of this AD FS issue recently as well.

We’ve fixed the issue on our side and it should rolling out in the next week or two. I’ll be sure to post back here when it gets rolled out to everyone.

Thanks!

Hi Jamie,

thanks for your feedback and for keeping me updated. Appreciate you working on the issue. :slight_smile:

Benjamin

Hey @benjishirley,

I just wanted to let you know that this fixed has been rolled out!

Please let me know if you have any other questions :smiley:

1 Like

@jamie thanks for letting me know :blush: