DuoSecurity multifactor authentication plugin for the Shibboleth identity provider

Unicon/shib-mfa-duo-auth

Support notice

As of version 3.3 of the Shibboleth identity provider, there is built-in support for Duo Security Authentication (https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration). The Unicon-developed module will not be supported in version 3.3 and later. Features will be moved to the Shibboleth-developed facility as appropriate.

Shibboleth Duo Security Authentication Module

DuoSecurity multifactor authentication plugin for the Shibboleth identity provider v3.

This project is made public here on GitHub as part of Unicon's Open Source Support program. Professional Support / Integration Assistance for this module is available. For more information visit.

Features

  • Allows the http://www.duosecurity.com/ authnContext

Installation

  1. Obtain the distribution, either as a binary download or by building from source

    • Binary Download

      Download from https://bintray.com/uniconiam/generic/shibboleth-duo-auth/view

    • From Source

      git clone https://github.com/Unicon/shib-mfa-duo-auth.git
      cd shib-mfa-duo-auth
      ./gradlew clean distZip
      

      The distribution will be found at build/distributions/shibboleth-duo-auth-{VERSION}.zip

  2. Unzip the distribution: unzip shibboleth-duo-auth*.zip

  3. Copy the edit-webapp, conf and views directories from the distribution into ${idp.home}, e.g. cd shibboleth-duo-auth*; cp -R * ${idp.home}

  4. Modify ${idp.home}/conf/duo.properties for your Duo configuration

  5. Modify ${idp.home}/conf/idp.properties. Edit the following properties:

    • idp.additionalProperties: add /conf/duo.properties:

      idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/duo.properties
      
    • idp.authn.flows: add Duo:

      idp.authn.flows= Password|Duo
      
    • idp.authn.flows.initial: set up an initial authentication flow. For instance, password:

      idp.authn.flows.initial = Password
      
  6. Modify ${idp.home}/edit-webapp/WEB-INF/web.xml

    If you don't have this file, you can copy it from ${idp.home}/webapp/WEB-INF/web.xml

    • contextConfigLocation:

      <context-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>classpath*:/META-INF/shibboleth-idp/conf/global.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
      </context-param>
      
    • idp servlet, contextConfigLocation init-param

      <init-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>classpath*:/META-INF/shibboleth-idp/conf/webflow-config.xml,${idp.home}/system/conf/mvc-beans.xml,${idp.home}/system/conf/webflow-config.xml</param-value>
      </init-param>
      
  7. Rebuild the IdP war file

    cd ${idp.home}/bin
    ./build.sh
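
A check for the step 5 edits, as an added example that is not part of this project: it reads an idp.properties file and reports which of the three settings are missing, since a Duo flow that is not listed is never offered. The function names are hypothetical, and it assumes idp.authn.flows is written as a plain |-separated list of flow names, as in the example above.

```shell
#!/bin/sh
# Added example (not project code): checks the step 5 edits to idp.properties.
# Limitation: backslash line continuations in the file are not followed.

# prop_value FILE KEY: print the trimmed value of the last uncommented KEY line.
prop_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*[=:][[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# has_item LIST SEP ITEM: succeed if ITEM is one of the SEP-separated entries.
has_item() {
    printf '%s\n' "$1" | tr "$2" '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq -- "$3"
}

# check_duo_idp_properties FILE: print one line per missing setting, return 1 if any.
check_duo_idp_properties() {
    file=$1; rc=0
    extra=$(prop_value "$file" idp.additionalProperties)
    flows=$(prop_value "$file" idp.authn.flows)
    initial=$(prop_value "$file" idp.authn.flows.initial)
    has_item "$extra" ',' /conf/duo.properties ||
        { echo "MISSING: /conf/duo.properties in idp.additionalProperties"; rc=1; }
    # Assumption: idp.authn.flows is a plain |-separated list of flow names.
    has_item "$flows" '|' Duo ||
        { echo "MISSING: Duo in idp.authn.flows"; rc=1; }
    [ -n "$initial" ] ||
        { echo "MISSING: idp.authn.flows.initial is not set"; rc=1; }
    return "$rc"
}

# Constructed sample: the three properties as written in step 5.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/duo.properties
idp.authn.flows= Password|Duo
idp.authn.flows.initial = Password
EOF
    check_duo_idp_properties "$tmp" && echo "OK: step 5 settings present"
    rm -f "$tmp"
}

# With a path argument, check that file; otherwise run the constructed sample.
if [ -n "${1:-}" ]; then check_duo_idp_properties "$1"; else demo; fi
```

Run it with the path to your idp.properties before rebuilding the war file in step 7.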
    
