Just providing clarification on this other issue that I hadn’t gotten back to 
you on.  I think the issue in this specific email is an issue with 
<>, while the other issue in this thread is an issue with CAS.

In order for CAS to be able to use Duo you must obtain an integration key, 
shared secret and api host from Duo.  You do this by logging in to 
<> as an administrator and selecting “Add new application”.  You 
are then presented with a list of 137 types of applications you can integrate 

Duo Admin API
Duo Auth API

If you select the CAS integration, you’ll receive en error (not authorized, I 
believe) when trying to use the Duo preauth endpoint, which is what the CAS Duo 
adapter uses:

When setting up the application at <> if you instead 
choose Duo Auth API, the preauth endpoint works correctly.  There are no user 
configurable permissions that I’ve been able to find on Duo’s site, so this is 
a backend thing that they will need to change.  I will be opening a ticket with 
them to address this.

Here’s the Duo documentation for the preauth endpoint: <>

Thanks again for all of the help!


> On Feb 10, 2018, at 8:15 AM, Man H <> wrote:
> Could you be more specific
> We did find that CAS was unable to check to see if the user exists in Duo if 
> we used the “CAS” integration in Duo.  But it works if we set up the 
> integration as “Auth API”.

- Website:
- Gitter Chatroom:
- List Guidelines:
- Contributions:
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit

Reply via email to