2FA CISCO DUO Universal Prompt (New Method) – Nextcloud

Effective March 30, 2024, Duo Security will no longer support the traditional Duo Prompt. This will mean no longer supporting the iFrame experience in the Duo Prompt or any dependencies on the iFrame.

Experimental New Method Two-Factor DUO Universal Prompt for Nextcloud

Tested on Nextcloud versions 27, 28, and 29

GitHub

GitHub – tilyanPristka/twofactor_duo: 2FA DUO for Nextcloud Any Version (24,… 5

2FA DUO for Nextcloud Any Version (24, 25, 26, 27, 28, 29) – tilyanPristka/twofactor_duo

Configuration

Add your duo configuration to your Nextcloud’s nextcloud/config/config.php fils:

'twofactor_duo' => [
    'IKEY' => 'xxx',
    'SKEY' => 'yyy',
    'HOST' => '*.duosecurity.com',
    'CALL' => 'https://example.com/login/callback/duo',
  ],

Nextcloud Lib Patch

nextcloud/lib/public/Authentication/TwoFactorAuth/IProvider.php

nextcloud/lib/private/Authentication/TwoFactorAuth/Manager.php

nextcloud/apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php

public function verifyChallenge(IUser $user, string $challenge): bool;

Change to: (remove the word string)

public function verifyChallenge(IUser $user, $challenge): bool;

Nextcloud Core Patch

nextcloud/core/routes.php

['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],

After that line, add this:

['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/callback/{challengeProviderId}', 'verb' => 'GET'],
Tags

Leave a Comment

 
Required 'Candidate' login to applying this job. Click here to logout And try again
 
 

Answers

 

Account Activation

Before you can login, you must active your account with the code sent to your email address. If you did not receive this email, please check your junk/spam folder. Click here to resend the activation email. If you entered an incorrect email address, you will need to re-register with the correct email address.