
DUO Enroll API call failing with invalid signature

jralexander137
New Contributor III

Hi, we are having an issue with DUO account provisioning and enrollment. In the createAccount JSON it's configured to do 2 calls: account creation, then enrolling the account. The first call completes with 200, then the enroll call fails with

2023-12-03 18:57:37,334 [quartzScheduler_Worker-14] DEBUG rest.RestProvisioningService  - Got Webservice API Response: [headers:[Server: Duo/1.0, Date: Sun, 03 Dec 2023 18:57:37 GMT, Content-Type: application/json, Content-Length: 86, Connection: keep-alive], responseText:{"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"}, cookies:[], statusCode:401]

If the first call is being encoded properly but the 2nd isn't, what might cause that? This should be the OOTB config from Sav docs. Per DUO support, this is their response regarding this error:

To resolve, verify that the signature is encoded in hexadecimal ASCII; is using the correct HMAC-SHA1 signature as the password; and lists parameters in alphabetical order. The parameters and their values must also be encoded in hexadecimal ASCII (e.g. the = symbol should be encoded as %3D and the | symbol should be encoded as %7C).

 

That being said, I would assume the connector would encode both calls the same way? Using Rest connection.

Here is the connection config, sensitive info removed (ikey, skey, partial URL):

{
  "authentications" : {
    "acctAuth" : {
      "accessToken" : "Basic xyz",
      "authError" : [
        "InvalidAuthenticationToken",
        "AuthenticationFailed",
        "Authentication_MissingOrMalformed",
        "Authentication_ExpiredToken"
      ],
      "authType" : "BasicWithHmac",
      "errorPath" : "error.code",
      "httpMethod" : "POST",
      "maxRefreshTryCount" : 5,
      "properties" : {
        "IKEY" : "",
        "SKEY" : ""
      },
      "tokenResponsePath" : "access_token",
      "tokenType" : "Basic",
      "url" : ".duosecurity.com"
    }
  }
}

All of these configs work fine in the test Sav and DUO environments; this is only happening in PRD.

1 REPLY

sudeshjaiswal
Saviynt Employee

Hello @jralexander137,

Could you please confirm if the Prod and Test are on the same versions?

{
  "authentications": {
    "userAuth": {
      "authType": "BasicWithHmac",
      "url": "api-xxxx.duo.com",
      "httpMethod": "POST",
      "properties": {
        "IKEY": "",
        "SKEY": ""
      },
      "authError": [
        "InvalidAuthenticationToken",
        "AuthenticationFailed",
        "Authentication_MissingOrMalformed",
        "Authentication_ExpiredToken"
      ],
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Basic",
      "accessToken": "Basic xyz"
    }
  }
}


Thanks.

If you find the above response useful, kindly mark it as "Accept As Solution".