Support notice

As of version 3.3 of the Shibboleth identity provider, there is built-in support for Duo Security authentication (https://wiki.shibboleth.net/confluence/display/IDP30/DuoAuthnConfiguration). The Unicon-developed module will not be supported in version 3.3 and later. Features will be moved to the Shibboleth-developed facility as appropriate.

Shibboleth Duo Security Authentication Module

DuoSecurity multifactor authentication plugin for the Shibboleth identity provider v3.

This project is made public here on GitHub as part of Unicon's Open Source Support program. Professional Support / Integration Assistance for this module is available. For more information visit.

Features

  • Allows the http://www.duosecurity.com/ authnContext

Installation

  1. Obtain the distribution, either as a binary download or by building from source

  2. unzip shibboleth-duo-auth*.zip

  3. copy the edit-webapp, conf and views directories from the distribution into ${idp.home}, e.g. cd shibboleth-duo-auth*; cp -R * ${idp.home}

  4. modify ${idp.home}/conf/duo.properties for your Duo configuration

  5. modify ${idp.home}/conf/idp.properties, editing the following properties:

    • idp.additionalProperties: add /conf/duo.properties:

      idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/duo.properties
      
    • idp.authn.flows: add Duo:

      idp.authn.flows= Password|Duo
      
    • idp.authn.flows.initial: set up an initial authentication flow. For instance, password:

      idp.authn.flows.initial = Password
      
  6. modify ${idp.home}/edit-webapp/WEB-INF/web.xml

    If you don't have this file, copy it from ${idp.home}/webapp/WEB-INF/web.xml

    • contextConfigLocation:

      <context-param>
              <param-name>contextConfigLocation</param-name>
              <param-value>classpath*:/META-INF/shibboleth-idp/conf/global.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value>
      </context-param>
      
    • idp servlet, contextConfigLocation init-param

      <init-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>classpath*:/META-INF/shibboleth-idp/conf/webflow-config.xml,${idp.home}/system/conf/mvc-beans.xml,${idp.home}/system/conf/webflow-config.xml</param-value>
      </init-param>
      
  7. rebuild the IdP war file

    cd ${idp.home}/bin
    ./build.sh
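
A post-install check for the edits in steps 4 and 5, as an added example that is not part of the module's distribution: it reads ${idp.home}/conf/idp.properties and reports when duo.properties is not loaded, Duo is missing from idp.authn.flows, or no initial flow is set. The function names and the sample directory are hypothetical, and it assumes idp.authn.flows uses the pipe-separated form shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the module's distribution): verify the step 4-5 edits.

# Print the value of KEY from a Java properties FILE (last definition wins).
# Limitation: backslash line continuations are not followed.
prop_value() {
  awk -v key="$2" '
    /^[ \t]*[#!]/ { next }                  # comment lines
    { line = $0; sub(/^[ \t]+/, "", line)
      if (index(line, key) != 1) next
      rest = substr(line, length(key) + 1)
      if (rest !~ /^[ \t]*[=:]/) next       # exact key, then = or :
      sub(/^[ \t]*[=:][ \t]*/, "", rest); sub(/[ \t\r]+$/, "", rest)
      val = rest }
    END { print val }' "$1"
}

# Return 0 if IDP_HOME carries the Duo edits, otherwise the number of problems.
check_duo_config() {
  local home="$1" props="$1/conf/idp.properties" problems=0 v
  [ -r "$props" ] || { echo "FAIL: cannot read $props"; return 1; }
  v=$(prop_value "$props" idp.additionalProperties | tr -d ' \t')
  case ",$v," in
    *,/conf/duo.properties,*) ;;
    *) echo "FAIL: idp.additionalProperties lacks /conf/duo.properties"; problems=$((problems + 1)) ;;
  esac
  v=$(prop_value "$props" idp.authn.flows | tr -d ' \t')
  case "|$v|" in
    *"|Duo|"*) ;;
    *) echo "FAIL: idp.authn.flows does not include Duo"; problems=$((problems + 1)) ;;
  esac
  v=$(prop_value "$props" idp.authn.flows.initial)
  [ -n "$v" ] || { echo "FAIL: idp.authn.flows.initial is unset"; problems=$((problems + 1)); }
  [ -f "$home/conf/duo.properties" ] || { echo "FAIL: conf/duo.properties missing"; problems=$((problems + 1)); }
  return "$problems"
}

# Constructed sample IdP home, so the check can be tried offline.
make_sample_home() {
  local d; d=$(mktemp -d); mkdir -p "$d/conf"; : > "$d/conf/duo.properties"
  printf '%s\n' \
    '# constructed sample' \
    'idp.additionalProperties= /conf/ldap.properties, /conf/duo.properties' \
    'idp.authn.flows= Password|Duo' \
    'idp.authn.flows.initial = Password' > "$d/conf/idp.properties"
  echo "$d"
}

sample=$(make_sample_home) && check_duo_config "$sample" && echo "OK: Duo edits present in $sample"
```

Against a real installation, call check_duo_config with the IdP home directory before rebuilding the war file in step 7.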