Here’s the error that’s returned if the “CAS” integration is used when 
configuring on duo.com website.  I have opened an issue with Duo.

2018-02-13 10:53:37,995 DEBUG 
[org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService] - 
<Received Duo admin response [{"code": 40301, "message": "Access forbidden", 
"message_detail": "Wrong integration type for this API.", "stat": "FAIL"}]>


> On Feb 13, 2018, at 7:34 AM, Brian Davidson <[email protected]> wrote:
> 
> Man,
> 
> Just providing clarification on this other issue that I hadn’t gotten back to 
> you on.  I think the issue in this specific email is an issue with duo.com, 
> while the other issue in this thread is an issue with CAS.
> 
> In order for CAS to be able to use Duo you must obtain an integration key, 
> shared secret and api host from Duo.  You do this by logging in to duo.com 
> as an administrator and selecting “Add new application”.  
> You are then presented with a list of 137 types of applications you can 
> integrate with:
> 
> 1Password
> Duo Admin API
> Duo Auth API
> CAS
> Cisco RADIUS VPN
> etc.
> 
> 
> If you select the CAS integration, you’ll receive an error (not authorized, I 
> believe) when trying to use the Duo preauth endpoint, which is what the CAS 
> Duo adapter uses:
> 
> https://github.com/apereo/cas/blob/468d834242d8c027d4f2333bb7b4d1c99b645630/support/cas-server-support-duo-core/src/main/java/org/apereo/cas/adaptors/duo/authn/BaseDuoSecurityAuthenticationService.java#L170
> 
> 
> When setting up the application at duo.com if you instead 
> choose Duo Auth API, the preauth endpoint works correctly.  There are no user 
> configurable permissions that I’ve been able to find on Duo’s site, so this 
> is a backend thing that they will need to change.  I will be opening a ticket 
> with them to address this.
> 
> Here’s the Duo documentation for the preauth endpoint:
> 
> https://duo.com/docs/authapi#/preauth
> 
> Thanks again for all of the help!
> 
> Brian
> 
>> On Feb 10, 2018, at 8:15 AM, Man H <[email protected]> wrote:
>> 
>> Could you be more specific
>> 
>> We did find that CAS was unable to check to see if the user exists in Duo if 
>> we used the “CAS” integration in Duo.  But it works if we set up the 
>> integration as “Auth API”.
>> 
> 
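
Added example, not part of the original messages and not CAS project code: a Python triage script that pulls Duo responses out of CAS DEBUG log entries like the one quoted at the top of this thread and flags the 40301 "Wrong integration type" failure. The second log entry, the function names and the verdict labels are constructed for illustration; the shape of the success body is an assumption.

```python
import json
import re

# Constructed sample: the DEBUG entry quoted in the thread (wrapped as in the
# mail) plus one constructed success entry for contrast.
SAMPLE_LOG = """\
2018-02-13 10:53:37,995 DEBUG
[org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService] -
<Received Duo admin response [{"code": 40301, "message": "Access forbidden",
"message_detail": "Wrong integration type for this API.", "stat": "FAIL"}]>
2018-02-13 10:54:02,120 DEBUG
[org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService] -
<Received Duo admin response [{"response": {"result": "auth"}, "stat": "OK"}]>
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ", re.M)
DUO_RESPONSE = re.compile(r"<Received Duo admin response \[(\{.*\})\]>")


def duo_responses(log_text):
    """Yield (timestamp, parsed JSON body) for each Duo response entry."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)]
    starts.append(len(log_text))
    for begin, end in zip(starts, starts[1:]):
        # Re-join entries that were wrapped across several lines.
        entry = " ".join(log_text[begin:end].split())
        match = DUO_RESPONSE.search(entry)
        if not match:
            continue
        try:
            body = json.loads(match.group(1))
        except json.JSONDecodeError:
            continue  # truncated or mangled entry: skip rather than guess
        yield entry[:23], body


def classify(body):
    """Map a Duo response body to a verdict label (labels are hypothetical)."""
    if body.get("stat") == "OK":
        return "ok"
    detail = body.get("message_detail") or ""
    if body.get("code") == 40301 and "Wrong integration type" in detail:
        # Per the thread: application created as "CAS" instead of "Duo Auth API".
        return "wrong-integration-type"
    return "other-failure"


def findings(log_text):
    return [(ts, classify(body)) for ts, body in duo_responses(log_text)]


if __name__ == "__main__":
    for ts, verdict in findings(SAMPLE_LOG):
        print(ts, verdict)
```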
