Duo MultiFactor- Unauthorized

eli.webster · July 12, 2019, 3:48pm

We have a login system that is working great with username and password login. When we enable the rule for DUO MFA it works when testing in the “rules” page of the Auth0 dashboard. However, when we test against our login the user is prompted for MFA from DUO, the DUO window shows login success, then we are redirected to a page from auth0 which shows "Unauthorized:. We are at a loss for why the MFA login is not working. any suggestions would be helpful.

dan.woda · July 16, 2019, 5:43pm

Hi @eli.webster,

Welcome to the Auth0 Community Forum!

Are you just getting unauthorized? Any other specific message in the error?

Warm Regards,
Dan

eli.webster · July 16, 2019, 7:18pm

Just the word “Unauthorized” in the corner of the web page and the website source shows error 401

dan.woda · July 22, 2019, 4:52pm

I see. Can you DM me your tenant name?

Thanks,
Dan

dan.woda · July 22, 2019, 5:19pm

Does the user you are trying to log in with have the correct user_metadata?

eli.webster · July 22, 2019, 5:33pm

The user can log in without issue with MFA disabled. And can login using the Rule tester with MFA enabled without issue.

dan.woda · July 22, 2019, 7:37pm

I’m wondering about this line:

  if (user.user_metadata && user.user_metadata.use_mfa){

Does the user that you are logging in with have the correct metadata?

eli.webster · July 22, 2019, 7:55pm

The user has the following metadata.
{
“use_mfa”: “true”
}

Should something be defined for user.usermetadata.

dan.woda · July 22, 2019, 7:56pm

This should be the correct set up. The first conditional is just checking to make sure there is some metadata so the second doesn’t come back with an undefined error.

eli.webster · July 22, 2019, 7:58pm

That is what we assumed from all the documentation, and we are just at a total loss. DUO shows the login approved, and the user logs in without issue when MFA is off.

dan.woda · July 22, 2019, 10:21pm

If you try and remove that conditional statement (applying it to all users) does it still not allow you to login?

josh.oberdick · August 9, 2019, 4:53pm

@eli.webster are you using a custom domain name? I believe that is cause of me getting this error.

I am hoping Auth0 has a work around.

dan.woda · August 12, 2019, 5:53pm

@josh.oberdick

Thanks for adding to the conversation. Are you having the exact same symptoms?

josh.oberdick · August 13, 2019, 11:18am

Correct. I’m requesting custom domain support for DUO.

dan.woda · August 13, 2019, 4:59pm

@josh.oberdick @eli.webster

After looking further I can confirm DUO does not support custom domains at this time. There is no workaround that I am aware of.

I can say that this exists as a feature request, but it is not currently on any product roadmap. I would recommend submitting a ticket to feedback if you have not already had time to do so. This is a direct line between you and the product team, and how we track customer demand.

I will also create a feedback ticket citing this thread.

Warm Regards,
Dan

James.Morrison · August 23, 2019, 4:28pm

Great news @josh.oberdick, and @eli.webster, DUO is now supported as a MFA factor with Custom Domains! Please let us know if you have any questions!

dan.woda · September 6, 2019, 8:28pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.