Duo - Additional Application

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Duo - Additional Application

Cath Messner
If we wish to have multiple Duo applications -- to support multiple policies -- can we add an additional bean like below to 'duo-authn-config.xml'? We have already consumed 'SpecialDuo' for a very special application.

<bean id="DefaultDuo2" class="net.shibboleth.idp.authn.duo.BasicDuoIntegration"
    p:APIHost="%{idp.duo2.apiHost:none}"
    p:applicationKey="%{idp.duo2.applicationKey:none}"
    p:integrationKey="%{idp.duo2.integrationKey:none}"
    p:secretKey="%{idp.duo2.secretKey:none}" />

<util:map id="DuoIntegrationMap">
   <entry key="default" value-ref="DefaultDuo" />
   <entry key="https://hello/shibboleth" value-ref="SpecialDuo2" />
</util:map>


Update in 'duo.properties':

idp.duo2.apiHost = api-blah.duosecurity.com
idp.duo2.applicationKey = xxxxx
idp.duo2.integrationKey = yyy
idp.duo2.secretKey = xxx

And subsequently https://hello/shibboleth will go to the Duo Application with the 'duo2' application/integration key?




--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Duo - Additional Application

Cantor, Scott E.
You can have as many as you want but you have to build a strategy function to determine which one to use as the documentation outlines; there's a bean name reserved (name is not in my memory, it's in the documentation).

That will be evaluated and called to get the integration parameters. The default behavior just automatically applies a function that statically returns a single integration, but you can build your own to do it however you want.

The page includes an example of using a simple map bean and some Javascript to decide which entry in the map is used.

-- Scott



--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]