A Duo integration for ForgeRock's [Identity Platform][forgerock_platform] 6.0 and above. This integration handles:
- Registration of the users device
- Second factor authentication
- Device Management (if applicable)
Copy the .jar file from the ../target directory into the ../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the new node. The node will then appear in the authentication trees components palette.
- Create a Duo Account at https://signup.duo.com/.
- Log in to the Duo Admin console and click on the 'Applications' tab.
- Click 'Protect an Application'.
- In the search bar type in 'WebSDK'.
- Note down the Integration Key, Secret Key and API hostname. These will be used in the node configuration.
- Log into your ForgeRock AM console.
- Create a new Authentication Tree.
- Setup the following configuration for the tree that was just created.
- Paste in the Integration Key, Secret Key and API hostname for the corresponding Duo Web SDK Application.
- Generate an application key. It must be at least 40 characters long random string. You can generate a random string in Python with:
import os, hashlib print hashlib.sha1(os.urandom(32)).hexdigest()
- Paste in your application key into the corresponding field in the node configuration.