yes I did tried with a lot of nice support from SAS Technical Support (from several countries), R&D and a few other teams, and I did not managed, yet.
To be clear, the SAML configuration, is not officialy supported by SAS in SAS 9.4. However, Mike Roda (SAS Employee) managed to do a configuration with SAML, using Active Directory Federation Server (AD FS 2.0), using Sibboleth IdP as "broker", and that is what is documented out there.
The main challenge is the understanding and translation of the interface (inputs and outputs) of the IdPs and what SAS takes/sends as well. We did not managed to find the right people.
I will keep an eye to this post and your progress. Could you please keep us us posted? I think it might be very useful.
you mentioned you tried it with lot of SAS technical support. I have read the document provided by Mike on enabling SAML with Shibboleth IP. But that is more like single sign on and I want to enable MFA. I also read a document about MFA with Symantec VIP but nothing so far using OKAT and DUO.
Any help you or SAS Technical support can provide is much appreciated!
There is no SAML providers shipped from SAS that are officially supported with a SAS 9.4 based solutions. Therefore there is little support you'll be able to get from SAS Technical Support with such a setup.
Web server authentication with SAS 9.4 is covered in the SAS 9.4 Middle Tier Administration Guide, that part would be support by support. If the SAML identity provider you are using can provide you with (and setup) a client modules that can be loaded by a standard web server like Apache HTTP Server you might be able to leverage that and integrate it with SAS 9.4 using the web server authentication that available.