Thanks for the comment.

The screen capturing is with ShareX, its open source and truly the last screencapturing tool you will need, it has gif recording features, autosave and a ton more. The code paste is from pastebin.

I already have the script in header.inc and it works with the default page, with the new custom page yes I changed the full code so I think something is knocked off which supports 2FA from the original default logon code.

The api cant do anything unless I create users for it and this is a lab setup so I think it should be fine, but even I am not sure, the files will delete in 6 days anyway..so i'll just keep it.

Is there a way to add one more branch after the primary auth to load the iframe for the duo 2FA auth push prompt?

Add the duo js script to the of your new custom logon.inc page. I think you overwrote the php include statement for the header.inc which has the script in it so it's not even loading the header.inc or footer.inc anymore. They're not hardcoded into APM to load them, they're all loaded from the different "inc" pages.

Let me know if that makes sense.

Regarding another branch, that won't change anything because the HTML that is sent is static. You could add another logon page with duo on it using the original logon.inc and it might render it and work, but that defeats the purpose of your customizations. I recall trying to get duo working with the standard radius VPE entry in the BIG-IP years ago and I don't think push works in that case.

I forgot to mention in my previous comment but I tried adding the script to the logon page itself but it did not work ..!

When I do a find for frame in the new logon page I don’t see the same code which the default logon page has, that’s related I feel.

This is the code for calling header.inc and I see it in both the default and the customized logon.inc pages.