Video: Two-Factor Authentication for Web Apps with Duo’s Web SDK
We released an integration video to show you just how easy it is to set up two-factor authentication with your web-based application using Duo’s Web SDK. Duo client libraries are available for Python, Ruby, Classic ASP, ASP.NET, Java, PHP, Node.js, ColdFusion, and Perl. Check it out!
Duo Security + Web SDK: In 7 Minutes
Step 1: Get started! Log in to your Duo Admin Interface
Click on Integrations > Add New Integration
Select Integration Type dropdown > Web SDK, then Create Integration
Step 2: Download and install client library
Before installing, have your web server configured and ready.
From the Duo Web documentation, click on the PHP link for the supported client library.
Download the demo folder contents
Step 3: Set up a web app with your Duo web SDK integration
Start by generating an AKEY.
For the demo, we can run a command to generate a random AKEY string in Python.
Copy and paste the string into the AKEY value within the index.php file.
Navigate to the Duo Admin Interface to find the integration key, secret key and API hostname.
Paste the values into the index.php file where the variables are defined.
Step 4: Open the index.php page through the web server
Navigate to the page via a browser (in this case, a local directory as we’re running the demo web server locally).
Breakdown of the key steps of the two-factor authentication function within the index.php file:
Step 1 (near bottom of code) handles the primary authentication login: username + password.
Step 2 (near top of code) generates a sig_request, and loads Duo’s iframe for secondary authentication.
A Duo iframe is placed on the page to display the secondary auth prompt.
The iframe generates a sig_response and posts it back to the post_action URL, then we call verifyResponse to verify that the signed response is legitimate.
Step 3: verifyResponse takes the IKEY, SKEY, AKEY and sig_response as inputs, then returns the username of the authenticated user if the response is valid, or null if invalid.
After validation, any identifier (cookie, session state or other) can be set to ensure the user has successfully authenticated.
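The verify-then-set-session step described above, as an added Python example (not code from the video, the demo index.php, or Duo's client libraries). It uses a simplified, constructed signed-response format keyed only by the AKEY rather than Duo's real format; the names generate_akey, sign_response, verify_response, complete_login and the session keys primary_user and mfa_user are hypothetical.

```python
import base64, hashlib, hmac, secrets, time

def generate_akey():
    # 20 random bytes -> 40 hex characters (Duo's Web SDK documentation
    # asks for an AKEY of at least 40 characters). Keep it server-side only.
    return secrets.token_hex(20)

def _mac(key, payload):
    return hmac.new(key.encode(), payload.encode(), hashlib.sha256).hexdigest()

def sign_response(akey, username, ttl=300, now=None):
    # Constructed stand-in for a signed response: base64(user|expiry).HMAC
    now = int(time.time()) if now is None else now
    payload = base64.urlsafe_b64encode(f"{username}|{now + ttl}".encode()).decode()
    return f"{payload}.{_mac(akey, payload)}"

def verify_response(akey, sig_response, now=None):
    # Mirrors the contract described above: username if valid, None otherwise.
    now = int(time.time()) if now is None else now
    try:
        payload, sig = sig_response.split(".")
        # Check the signature (constant time) before trusting any field.
        if not hmac.compare_digest(sig, _mac(akey, payload)):
            return None
        username, expires = base64.urlsafe_b64decode(payload).decode().rsplit("|", 1)
        if int(expires) < now:
            return None  # expired responses are rejected
        return username
    except (ValueError, TypeError, AttributeError):
        return None  # malformed input fails closed

def complete_login(session, akey, sig_response, now=None):
    # Set the "authenticated" marker only if the second factor was completed
    # by the same user who passed primary authentication in this session.
    user = verify_response(akey, sig_response, now)
    if user is None or user != session.get("primary_user"):
        session.pop("mfa_user", None)
        return False
    session["mfa_user"] = user
    return True
```

Comparing the returned username with the one from primary authentication prevents a valid response for one account from completing another account's login.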
Step 5: Test it out!
Log in with your username/password.
On the two-factor authentication screen prompt, choose your authenticator.
Complete the authentication prompt to log in.
And you’re good to go. You’ve set up two-factor authentication using Duo’s web SDK for your web application! Go forth and protect your user accounts.