Man, Just providing clarification on this other issue that I hadn’t gotten back to you on. I think the issue in this specific email is an issue with duo.com <http://duo.com/>, while the other issue in this thread is an issue with CAS.
In order for CAS to be able to use Duo you must obtain an integration key, shared secret and api host from Duo. You do this by logging in to duo.com <http://duo.com/> as an administrator and selecting “Add new application”. You are then presented with a list of 137 types of applications you can integrate with: 1Password Duo Admin API Duo Auth API CAS Cisco RADIUS VPN etc. If you select the CAS integration, you’ll receive en error (not authorized, I believe) when trying to use the Duo preauth endpoint, which is what the CAS Duo adapter uses: https://github.com/apereo/cas/blob/468d834242d8c027d4f2333bb7b4d1c99b645630/support/cas-server-support-duo-core/src/main/java/org/apereo/cas/adaptors/duo/authn/BaseDuoSecurityAuthenticationService.java#L170 When setting up the application at duo.com <http://duo.com/> if you instead choose Duo Auth API, the preauth endpoint works correctly. There are no user configurable permissions that I’ve been able to find on Duo’s site, so this is a backend thing that they will need to change. I will be opening a ticket with them to address this. Here’s the Duo documentation for the preauth endpoint: https://duo.com/docs/authapi#/preauth <https://duo.com/docs/authapi#/preauth> Thanks again for all of the help! Brian > On Feb 10, 2018, at 8:15 AM, Man H <info.ings...@gmail.com> wrote: > > Could you be more specific > > We did find that CAS was unable to check to see if the user exists in Duo if > we used the “CAS” integration in Duo. But it works if we set up the > integration as “Auth API”. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/94EC9972-D8CA-471A-94BD-E42BAE814C48%40gmail.com.
