cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1971
Views
2
Helpful
4
Replies

DUO SSO with ADFS as IDP issue

benjishirley
Level 1
Level 1

Hi,

while debugging the issue configuring ADFS as Primary Authentication Factor for DUO SSO we figured out that the redirect URL Duo SSO generates pointing to our ADFS Servers contains the URL Query Parameter RelayState which is empty. Microsoft ADFS Server cannot process the SAML Request if &RelayState comes at the end ane throws this error.

This is a sample redirect URL:

https://adfs.company.domain/adfs/ls?SAMLRequest=rZJRb5swFIXf8ys....Q72CwD%3D&RelayState

And this the error on ADFS Server:
“System.ArgumentException: MSIS0024: The input string parameter is either null or empty.”

We managed to workaround the problem by stripping the parameter out on load-balancer.

4 Replies 4

jamieis
Cisco Employee
Cisco Employee

HI @benjishirley,

This is Jamie from our SSO team.

Thanks for writing in to report this. We had another case of this AD FS issue recently as well.

We’ve fixed the issue on our side and it should rolling out in the next week or two. I’ll be sure to post back here when it gets rolled out to everyone.

Thanks!

Hi Jamie,

thanks for your feedback and for keeping me updated. Appreciate you working on the issue.

Benjamin

Hey @benjishirley,

I just wanted to let you know that this fixed has been rolled out!

Please let me know if you have any other questions

benjishirley
Level 1
Level 1

@jamie thanks for letting me know

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links