Problem getting SSO to Sharepoint 2013 to work after DUO push authentication.
Hi, we are using Duo Security integrated with F5 APM version 12 SP1. I need to publish a SharePoint 2013 site using Duo Security with push as the two-factor solution. I started out by deploying the latest iApp for SharePoint 2013 and then replaced the AD authentication in the VPE with RADIUS authentication using Duo. The VPE policy is:
In the variable assign I am using the following session variables:
The SSO looks like this:
At the moment the two-factor works and login is accepted using only username and domain password followed by acceptance of the push message from Duo. We then receive a 401 and then an NTLM authentication prompt, because the variable assign together with SSO are not configured as they should be.
Any tips or advice appreciated.
/Craig
- Stanislas_Piro2Cumulonimbus
Hi,
How did you configure field2 in the logon page?
- text
- password
If it is defined as password, you must add -secure in the mcget command:
session.logon.last.password = [mcget -secure {session.logon.last.field}]
- CGIAltostratus
Okay, I have now managed to solve my problem; it was easier than I thought. The VPE flow is pictured below:
There is a Pre Logon variable assign where we set the original password as a variable:
After the RADIUS Authentication Duo we have the post logon, where we set the logon username in the form Domain\username and then pull in the original password variable we set before:
The final part is the SSO Agent, which is the default, collecting information from the default variables:
I hope this proves useful to others. /Craig
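The variable assignments described in the post above, sketched as an added example (not the poster's actual configuration, whose screenshots are not on the page). Assumptions: the logon page has already populated `session.logon.last.username` and `session.logon.last.password`, `session.custom.orig_password` is a hypothetical variable name, and `EXAMPLE` is a placeholder domain.

```tcl
# Added illustration in the "variable = expression" notation used earlier in
# this thread; each pair is one entry in an APM Variable Assign item.
# session.custom.orig_password is a hypothetical name, EXAMPLE a placeholder.

# --- Variable Assign before the RADIUS (Duo) item ---
# Keep a copy of the password typed on the logon page. Create it as a
# Secure custom variable so the value is stored encrypted in the session.
session.custom.orig_password = return [mcget -secure {session.logon.last.password}]

# --- Variable Assign after the RADIUS (Duo) item ---
# Rewrite the logon name as DOMAIN\username ("\\" is one literal backslash).
session.logon.last.username = return "EXAMPLE\\[mcget {session.logon.last.username}]"

# Restore the saved password (Secure variable again). "return" is used
# instead of "expr" so an all-digit password is not reinterpreted as a number.
session.logon.last.password = return [mcget -secure {session.custom.orig_password}]

# SSO Credential Mapping left at its defaults then copies these into
# session.sso.token.last.username and session.sso.token.last.password.
```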