Integrating DUO Security MFA with Nextcloud 21

Environment

  • CENTOS 7
  • HTTPD
  • PHP 7.4
  • Nextcloud 21


Open and download files from GitHub



then extract zip to your Nextcloud path at folder [nextcloud_path]/apps/twofactor_duo

=====================================================================

open file [nextcloud_path]/apps/twofactor_duo/appinfo/info.xml

Find and delete below code:

<dependencies>
	<php min-version="5.6" max-version="7.1" />
	<nextcloud min-version="13" max-version="13" />
</dependencies>

and replace this <category>auth</category> to

<category>integration</category>
<category>security</category>

=====================================================================

next, open [nextcloud_path]/config/config.php

add this code before );

'twofactor_duo' => [
  'IKEY' => 'xxxx',
  'SKEY' => 'xxxxx',
  'HOST' => 'xxxxx',
  'AKEY' => 'xxxx',
],

note: for AKEY use IKEY value

=====================================================================

open this files [nextcloud_path]/lib/public/Authentication/TwoFactorAuth/IProvider.php

under “interface IProvider” section find all of the public functions and remove the colon and type after the function name
example: change “public function getId(): string;” to “public function getId();”. This needs to be done for all six public functions.

=====================================================================

open [nextcloud_path]/lib/public/Authentication/TwoFactorAuth/IProvidesCustomCSP.php

search for “public function getCSP”. Comment out line and put in “public function getCSP();

=====================================================================

open [nextcloud_path]/lib/public/Authentication/TwoFactorAuth/IProvidesCustomCSP.php

search for “public function getCSP”. Comment out line and put in “public function getCSP();

=====================================================================

open [nextcloud_path]/core/Controller/TwoFactorChallengeController.php

search for “return new StandaloneTemplateRe sponse” and comment out that line, and add this code

$response = new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
if ($provider instanceof IProvidesCustomCSP) {
  $response->setContentSecurityPolicy($provider->getCSP());
}
return $response;

=====================================================================
after this try to enable twofactor_duo app, you can do it directly from your Nextcloud Apps or use occ from cli

cd /nextcloud/path/directory
sudo -u apache php occ app:enable twofactor_duo

=====================================================================
use cli
sudo -u apache php occ integrity:check-core
you will see INVALID_HASH ( Failed integrity check, invalid hash)
just see under detect file with have invalid hash, had expected hash and current hash

open [nextcloud_path]/core/signature.json

find expected hash and then replace with current hash, do it all

=====================================================================
now we must create signature for twofactor_duo
first we must generate key and then crt

sudo openssl genrsa -des3 -out /etc/ssl/twofactor.key 2048
sudo openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /etc/ssl/twofactor.key -out /etc/ssl/twofactor.crt
sudo -u apache php occ integrity:sign-app --path apps/twofactor_duo --privateKey /etc/ssl/twofactor.key --certificate /etc/ssl/twofactor.crt

=====================================================================
try to logout and login again

Good Luck




Tags

Leave a Comment

 
Required 'Candidate' login to applying this job. Click here to logout And try again
 
 

Answers

 

Account Activation

Before you can login, you must active your account with the code sent to your email address. If you did not receive this email, please check your junk/spam folder. Click here to resend the activation email. If you entered an incorrect email address, you will need to re-register with the correct email address.