<![CDATA[FrontAccounting forum — Secondary Authentication Using Duo Security]]> 2019-05-06T16:25:50Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=8135 <![CDATA[Re: Secondary Authentication Using Duo Security]]> Thanks you apmuthu, will try and post results here.

]]> https://frontaccounting.com/punbb/profile.php?id=44612 2019-05-06T16:25:50Z https://frontaccounting.com/punbb/viewtopic.php?pid=34884#p34884 <![CDATA[Re: Secondary Authentication Using Duo Security]]> The FA Login with

user_name_entry_field
password
company_login_name

gets posted to itself (index.php) which includes the session file (includes/session.inc) that checks if a session exists and if not, includes the  login form (access/login.php).

It is in the last file referred to above that you will need to create a secondary hook for your dual authorisation using a special unique session variable as a flag.

]]> https://frontaccounting.com/punbb/profile.php?id=364 2019-05-04T07:34:30Z https://frontaccounting.com/punbb/viewtopic.php?pid=34870#p34870 <![CDATA[Re: Secondary Authentication Using Duo Security]]> Thanks apmuthu!

This will work if I want to capture second authentication at the same time as login.
In my case I would like to validate username+password first and only after that show separate captive page where I will handle additional auth (users can have different types MFA that will require different handling). Only after that second page user will be logged on. Failure at either of these steps will take user back to login.

I guess my question is "how can I introduce an additional page between successful login and taking user to the main application".

]]> https://frontaccounting.com/punbb/profile.php?id=44612 2019-05-03T19:41:57Z https://frontaccounting.com/punbb/viewtopic.php?pid=34867#p34867 <![CDATA[Re: Secondary Authentication Using Duo Security]]> Use SMS OTP to generate a dynamic password valid for that session only directly in the db - maybe an extra field in the use record.

]]> https://frontaccounting.com/punbb/profile.php?id=364 2019-05-03T04:11:37Z https://frontaccounting.com/punbb/viewtopic.php?pid=34863#p34863 <![CDATA[Secondary Authentication Using Duo Security]]> Looking for the correct way to implement 2FA using Duo Security: after successful login I need to make a second authorization call (javascript + iFrame). Here is documentation on Duo architecture: https://duo.com/docs/duoweb
PHP demo Duo code is available here: https://github.com/duosecurity/duo_php

Is it possible to add one more step (with user interaction) to login process?
Have had a look at ldap_auth extension, but it seems to replace FA authenticate, where I want to add an extra step.

Thank you.

]]> https://frontaccounting.com/punbb/profile.php?id=44612 2019-04-30T21:02:06Z https://frontaccounting.com/punbb/viewtopic.php?pid=34843#p34843