Video: Two-Factor Authentication for Web Apps with Duo’s Web SDK
We released an integration video to show you just how easy it is to set up two-factor authentication with your web-based application using Duo’s web SDK. Duo client libraries are available for Python, Ruby, Classic ASP, ASP.NET, Java, PHP, Node.js, ColdFusion, and Perl. Check it out!
Duo Security + Web SDK: In 7 Minutes
These libraries are available from github.com/duosecurity. Now for endless bullets to summarize the process (legit Duo Web documentation can be found here):
Step 1: Get started! Log into your Duo Admin Interface
- Click on Integrations > Add New Integration
- Select Integration Type dropdown > Web SDK, then Create Integration
Step 2: Download and install client library
- Prior to installing, have your web server configured and ready for install.
- From the Duo Web documentation, click on the PHP link for the supported client library.
- Download the demo folder contents
Step 3: Set up a web app with your Duo web SDK integration
- Start by generating an AKEY.
- For the demo, we can run a command to generate a random AKEY string in Python.
- Copy and paste the string into the AKEY value within the index.php file.
- Navigate to the Duo Admin Interface to find the integration key, secret key and API hostname.
- Paste the values into the index.php file where the variables are defined.
Step 4: Open the index.php page through the web server
- Navigate to the page via a browser (in this case, a local directory as we’re running the demo web server locally).
Breakdown of the key steps of the two-factor authentication function within the index.php file:
- Step 1 (near bottom of code) handles the primary authentication login: username + password.
- Step 2 (near top of code) generates a sig_request, and loads Duo’s iframe for secondary authentication.
- Duo’s JavaScript handles setup and communication between the iframe, the user and your server. You just need to add a short snippet of JavaScript code (5:00).
- A Duo iframe is placed on the page to display the secondary auth prompt.
- The iframe generates a sig_response and posts it back to the post_action URL; we then call verifyResponse to verify that the signed response is legitimate.
- Step 3: verifyResponse takes the IKEY, SKEY, AKEY and sig_response as inputs, then returns the username of the authenticated user if the response is valid, or null if invalid.
- After validation, any identifier (cookie, session state or other) can be set to ensure the user has successfully authenticated.
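The sig_request / verifyResponse round trip from the breakdown above, as an added Python sketch that is not Duo's SDK code or wire format. It shows why a response is accepted only when both the SKEY-signed part and the AKEY-signed part verify and name the same user. The token layout, the TX/APP/AUTH prefixes, HMAC-SHA256, the expiry windows and the `simulated_service` stand-in are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Illustrative model: token layout, prefixes and HMAC-SHA256 are assumptions, not Duo's format.

def generate_akey():
    # Application secret: 40 hex chars from 20 CSPRNG bytes, kept server-side only.
    return secrets.token_hex(20)

def _sign(key, prefix, username, ikey, expiry):
    payload = base64.b64encode(f"{username}|{ikey}|{expiry}".encode()).decode()
    body = f"{prefix}|{payload}"
    mac = hmac.new(key.encode(), body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def _parse(key, prefix, ikey, token, now):
    # Returns the username only if MAC, prefix, ikey and expiry all check out.
    try:
        tok_prefix, payload, mac = token.split("|")
        body = f"{tok_prefix}|{payload}"
        expected = hmac.new(key.encode(), body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return None
        username, tok_ikey, expiry = base64.b64decode(payload).decode().split("|")
        if tok_prefix != prefix or tok_ikey != ikey or now >= int(expiry):
            return None
        return username
    except ValueError:  # wrong field count, bad base64/UTF-8, non-numeric expiry
        return None

def sign_request(ikey, skey, akey, username, now):
    # Service-facing part is short-lived (5 min); the app part lasts 1 hour.
    return (_sign(skey, "TX", username, ikey, now + 300) + ":" +
            _sign(akey, "APP", username, ikey, now + 3600))

def simulated_service(ikey, skey, sig_request, now):
    # Hypothetical stand-in for the 2FA service: checks TX, answers with AUTH.
    tx, app = sig_request.split(":")
    user = _parse(skey, "TX", ikey, tx, now)
    return None if user is None else _sign(skey, "AUTH", user, ikey, now + 300) + ":" + app

def verify_response(ikey, skey, akey, sig_response, now):
    auth, _, app = sig_response.partition(":")
    auth_user = _parse(skey, "AUTH", ikey, auth, now)
    app_user = _parse(akey, "APP", ikey, app, now)
    # Both halves must verify and name the same user; anything else fails closed.
    return auth_user if auth_user is not None and auth_user == app_user else None
```

Only a non-null return from `verify_response` should lead to setting the authenticated session identifier; every failure path returns `None`.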
Step 5: Test it out!
- Log in with your username/password.
- On the two-factor authentication screen prompt, choose your authenticator.
- Complete the authentication prompt to log in.
And you’re good to go. You’ve set up two-factor authentication using Duo’s web SDK for your web application! Go forth and protect your user accounts.