Topic: Secondary Authentication Using Duo Security

Looking for the correct way to implement 2FA using Duo Security: after successful login I need to make a second authorization call (javascript + iFrame). Here is documentation on Duo architecture: https://duo.com/docs/duoweb
PHP demo Duo code is available here: https://github.com/duosecurity/duo_php

Is it possible to add one more step (with user interaction) to login process?
Have had a look at ldap_auth extension, but it seems to replace FA authenticate, where I want to add an extra step.

Thank you.

Re: Secondary Authentication Using Duo Security

Use SMS OTP to generate a dynamic password valid for that session only directly in the db - maybe an extra field in the use record.

Re: Secondary Authentication Using Duo Security

Thanks apmuthu!

This will work if I want to capture second authentication at the same time as login.
In my case I would like to validate username+password first and only after that show separate captive page where I will handle additional auth (users can have different types MFA that will require different handling). Only after that second page user will be logged on. Failure at either of these steps will take user back to login.

I guess my question is "how can I introduce an additional page between successful login and taking user to the main application".

Re: Secondary Authentication Using Duo Security

The FA Login with

user_name_entry_field
password
company_login_name

gets posted to itself (index.php) which includes the session file (includes/session.inc) that checks if a session exists and if not, includes the  login form (access/login.php).

It is in the last file referred to above that you will need to create a secondary hook for your dual authorisation using a special unique session variable as a flag.

Re: Secondary Authentication Using Duo Security

Thanks you apmuthu, will try and post results here.