<![CDATA[FrontAccounting forum — Secondary Authentication Using Duo Security]]> https://frontaccounting.com/punbb/viewtopic.php?id=8135 Mon, 06 May 2019 16:25:50 +0000 PunBB <![CDATA[Re: Secondary Authentication Using Duo Security]]> https://frontaccounting.com/punbb/viewtopic.php?pid=34884#p34884 Thanks you apmuthu, will try and post results here.

]]> Mon, 06 May 2019 16:25:50 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=34884#p34884 <![CDATA[Re: Secondary Authentication Using Duo Security]]> https://frontaccounting.com/punbb/viewtopic.php?pid=34870#p34870 The FA Login with

user_name_entry_field
password
company_login_name

gets posted to itself (index.php) which includes the session file (includes/session.inc) that checks if a session exists and if not, includes the  login form (access/login.php).

It is in the last file referred to above that you will need to create a secondary hook for your dual authorisation using a special unique session variable as a flag.

]]> Sat, 04 May 2019 07:34:30 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=34870#p34870 <![CDATA[Re: Secondary Authentication Using Duo Security]]> https://frontaccounting.com/punbb/viewtopic.php?pid=34867#p34867 Thanks apmuthu!

This will work if I want to capture second authentication at the same time as login.
In my case I would like to validate username+password first and only after that show separate captive page where I will handle additional auth (users can have different types MFA that will require different handling). Only after that second page user will be logged on. Failure at either of these steps will take user back to login.

I guess my question is "how can I introduce an additional page between successful login and taking user to the main application".

]]> Fri, 03 May 2019 19:41:57 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=34867#p34867 <![CDATA[Re: Secondary Authentication Using Duo Security]]> https://frontaccounting.com/punbb/viewtopic.php?pid=34863#p34863 Use SMS OTP to generate a dynamic password valid for that session only directly in the db - maybe an extra field in the use record.

]]> Fri, 03 May 2019 04:11:37 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=34863#p34863 <![CDATA[Secondary Authentication Using Duo Security]]> https://frontaccounting.com/punbb/viewtopic.php?pid=34843#p34843 Looking for the correct way to implement 2FA using Duo Security: after successful login I need to make a second authorization call (javascript + iFrame). Here is documentation on Duo architecture: https://duo.com/docs/duoweb
PHP demo Duo code is available here: https://github.com/duosecurity/duo_php

Is it possible to add one more step (with user interaction) to login process?
Have had a look at ldap_auth extension, but it seems to replace FA authenticate, where I want to add an extra step.

Thank you.

]]> Tue, 30 Apr 2019 21:02:06 +0000 https://frontaccounting.com/punbb/viewtopic.php?pid=34843#p34843