| Warning |
|---|
| title | Duo 'Cancel this Request' issue affecting IdP v4.0.0 and v4.0.1 |
|---|
|
New installs of version 4.0.0 or 4.0.1 of the IdP (or upgrades from new installs of these versions) are missing the CSRF Token on the 'Cancel this Request' hyperlink in the duo.vm velocity template. This must be added manually, see duo-cancel-request. Note, this does not impact on the successful operation of the Duo 2FA process within the iframe. |
...
| Code Block |
|---|
<a href="$flowExecutionUrl&_eventId=cancel#parse("csrf/csrf-qparam.vm")">TEXT</a>
|
Issue: Duo 2FA 'Cancel this Request'
In addition to the HTML form in the duo.vm view, the 'Cancel this Request' hyperlink also requires a CSRF token. That is, this hyperlink:
...