Looking for tips from anyone that’s configured SharePoint with the DUO WebSDK. We’ve configured SharePoint 2016 FBA with the DUO WebSDK and its works well except for one aspect regarding FBA authentication.
login page 1.) authenticate the username and password using FBA-LDAP.
login page 2.) load the duo web iframe
The method that authenticates the username and password on login page 1 is the SPClaimsUtility.AuthenticateFormsUser which persists a cookie to the site.
If the user fails the DUO authentication on login page 2, they still have an authenticated session to the site. We can force a signout and clear session cookies, but I was hoping for a cleaner approach. Please assist.