Issue with DUO and ADFS Users

We want to have MFA using Duo enabled also for users from ADFS.

The problem is that the Auth0 user_id of such users is in the form "user_id": "TestAdfs|testuser@auth0testdomain.com", containing a pipe "|" in it. And the Duo SDK explicitly disallows usernames that contain pipes - https://github.com/duosecurity/duo_nodejs/blob/master/duo.js#L141

Would you be able to help us here? I tried to google for how to configure ADFS enterprise connection and Duo at the same time, but did not find anything.

With DUO MFA, it is possible to customize the MFA rule to send a custom username attribute. In our reference DUO rule, this attribute is disabled. In the following gist, I have used this attribute to send the user id with pipe characters removed.

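The approach described in the answer above, as an added example; it is not the gist referenced in the thread and not Auth0's or Duo's own code. It assumes the Auth0 Rules `context.multifactor` object with `provider: 'duo'` and a `username` field; the function names and credential values are hypothetical placeholders, and the sample user_ids other than the one quoted in the question are constructed.

```javascript
// Added example. Derives a pipe-free Duo username from an Auth0 user_id,
// as the answer describes ("user id with pipe characters removed").
function toDuoUsername(userId) {
  if (typeof userId !== 'string') throw new Error('user_id is not a string');
  const name = userId.split('|').join('');
  if (name.length === 0) throw new Error('user_id is empty after removing "|"');
  return name;
}

// Rule body in the Auth0 rule shape (user, context, callback).
function duoMfaRule(user, context, callback) {
  let username;
  try {
    username = toDuoUsername(user.user_id);
  } catch (err) {
    // Fail the login rather than continue without an MFA challenge.
    return callback(err);
  }
  context.multifactor = {
    provider: 'duo',
    ikey: 'DUO_IKEY_PLACEHOLDER', // placeholder, not a real key
    skey: 'DUO_SKEY_PLACEHOLDER', // placeholder, keep the real one out of source
    host: 'DUO_API_HOST_PLACEHOLDER',
    username: username
  };
  return callback(null, user, context);
}

// Removing "|" drops the connection/id boundary, so two distinct user_ids
// can map to one Duo user. Returns the groups of user_ids that collide.
function findCollisions(userIds) {
  const byName = new Map();
  for (const id of userIds) {
    const name = toDuoUsername(id);
    byName.set(name, (byName.get(name) || []).concat(id));
  }
  return [...byName.values()].filter((ids) => ids.length > 1);
}

// Constructed sample: the first id is from the question, the others are made up.
const sampleIds = ['TestAdfs|testuser@auth0testdomain.com', 'TestAdfs|a', 'Test|Adfsa'];
console.log(findCollisions(sampleIds));
```

Running `findCollisions` over an export of existing user_ids before enabling the rule shows whether any two identities would share a Duo enrollment.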

Thanks for sharing that Saltuk!
