Secondary Authentication Using Duo Security

Denis · 04/30/2019 09:02:06 pm

Denis
Member
Offline

From: USA, Arizona
Registered: 04/30/2019
Posts: 10

Topic: Secondary Authentication Using Duo Security

Looking for the correct way to implement 2FA using Duo Security: after successful login I need to make a second authorization call (javascript + iFrame). Here is documentation on Duo architecture: https://duo.com/docs/duoweb
PHP demo Duo code is available here: https://github.com/duosecurity/duo_php

Is it possible to add one more step (with user interaction) to login process?
Have had a look at ldap_auth extension, but it seems to replace FA authenticate, where I want to add an extra step.

Thank you.

apmuthu · 05/03/2019 04:11:37 am

apmuthu
Moderator
Offline

From: Singapore, India, Chennai
Registered: 05/02/2009
Posts: 6,160

Re: Secondary Authentication Using Duo Security

Use SMS OTP to generate a dynamic password valid for that session only directly in the db - maybe an extra field in the use record.

Denis · 05/03/2019 07:41:57 pm

Denis
Member
Offline

From: USA, Arizona
Registered: 04/30/2019
Posts: 10

Re: Secondary Authentication Using Duo Security

Thanks apmuthu!

This will work if I want to capture second authentication at the same time as login.
In my case I would like to validate username+password first and only after that show separate captive page where I will handle additional auth (users can have different types MFA that will require different handling). Only after that second page user will be logged on. Failure at either of these steps will take user back to login.

I guess my question is "how can I introduce an additional page between successful login and taking user to the main application".

apmuthu · 05/04/2019 07:34:30 am

apmuthu
Moderator
Offline

From: Singapore, India, Chennai
Registered: 05/02/2009
Posts: 6,160

Re: Secondary Authentication Using Duo Security

The FA Login with

user_name_entry_field
password
company_login_name

gets posted to itself (index.php) which includes the session file (includes/session.inc) that checks if a session exists and if not, includes the login form (access/login.php).

It is in the last file referred to above that you will need to create a secondary hook for your dual authorisation using a special unique session variable as a flag.

Denis · 05/06/2019 04:25:50 pm

Denis
Member
Offline

From: USA, Arizona
Registered: 04/30/2019
Posts: 10

Re: Secondary Authentication Using Duo Security

Thanks you apmuthu, will try and post results here.

Secondary Authentication Using Duo Security

Posts: 5

1 Topic by Denis 04/30/2019 09:02:06 pm

Topic: Secondary Authentication Using Duo Security

2 Reply by apmuthu 05/03/2019 04:11:37 am

Re: Secondary Authentication Using Duo Security

3 Reply by Denis 05/03/2019 07:41:57 pm

Re: Secondary Authentication Using Duo Security

4 Reply by apmuthu 05/04/2019 07:34:30 am

Re: Secondary Authentication Using Duo Security

5 Reply by Denis 05/06/2019 04:25:50 pm

Re: Secondary Authentication Using Duo Security

Posts: 5