Customize APM Logon Page for Duo Security auth with Modern Template, v15.1+
Hi,
I would like to use Modern Template on v15.1+ and integrate Duo Security with APM's Logon Page.
I tried to follow these guides:
Based on Lucas' (btw fantastic) guide I tried to add the link from Duo (https://api-XXXXXXXX.duosecurity.com/frame/hosted/Duo-F5-BIG-IP-v2.js) in Customization Tool, General Customization, on Text tab, under Customization Settings -> Access Profiles -> /Common/<AccessProfile> -> Common -> External Scripts/Styles section. I copied the JS link as the value of External Javascript 1 Address.
I tried to generate the SRI hash on https://www.srihash.org/, but I got the following error message:
Error: this resource is not eligible for integrity checks. See https://enable-cors.org/server.html
Therefore I did not configured an External Javascript 1 Subresource Integrity value...
With the above settings, after logging in with username and password the following message appeared:
Initializing two-factor authentication... DUO-TXID(api-XXXXXXXX.duosecurity.com|XXXXXXXXXXXXXXXXXXXX)
On F5, I ran tcpdump and I can see Duo Authentication Proxy is communicating with Duo on port 443.
But authentication is not completed, user does not appear in User list, even not as Pending Enrollment.
Is there anyone who managed to successfully integrate Modern Template with Duo Security and could help me how to fix it?
UPDATE: I created a test policy with Standard Customization Type. User self-enrollment and also authentication worked like a charm. So my infrastructure is correctly set, just would need some guidance, how to integrate the Duo Javascript within Modern Template.