Customize APM Logon Page for Duo Security auth with Modern Template, v15.1+

Hi there,

We had a similar issue with our deployment while attempting to integrate Duo MFA. The DUO-TXID would appear in the login box on our customised login page, but the Duo integration didn't seem to fire.

We're on 14.1, but have a pretty heavily customised Sign-In page. Perhaps this contributes somewhat to load times, etc for page elements.

I spent some time in Firefox with Developer tools, prettified the Duo code, and set some break points. In stepping through the execution flow, I found that the Duo script actually embeds a specific version of the jQuery library, and triggers on the j(document).ready condition, which is equivalent to the DOMContentLoaded event. This was firing ahead of the Body OnLoad event that triggers the Login Page's function to populate the logon form (OnLoad).

The net effect is that when the Duo function triggers, and looks for the DUO-TXID, it is not there yet.

The workaround/fix was the following:

Edit the policy's Logon Page's logon.inc in advanced customisation and locate the following code section:

    disableSubmit(form);
    return true;
}
//-->
</script>
</head>
 
<body onload="OnLoad()">
 
<?

To adjust the way the triggers work, replace the above code section with:

    disableSubmit(form);
    return true;
}
 
document.addEventListener("DOMContentLoaded", function()
{
    OnLoad();
}, false);
//-->
</script>
</head>
 
<body>
 
<?

What this does is replace the effective OnLoad handler with a DOMContentLoaded handler to call the OnLoad function that populates the logon form.

In our case, this seems to have resolved the timing issues, though there is not really a guarantee that this will work in all cases.

I hope this solution helps out other folks.

Regards,

JohnB