Duo Auth Node

A ForgeRock Authentication Node for Duo Two Factor Authentication

Project Readme

Duo Node

A Duo integration for ForgeRock's Identity Platform 6.0 and above. This integration handles:

  1. Registration of the users device
  2. Second factor authentication
  3. Device Management (if applicable)


  1. Download the latest version of the Duo integration from here.
  2. Copy the .jar file into the ../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed.
  3. Restart the web container to pick up the new node. The node will then appear in the authentication trees components palette.

Duo Configuration

  1. Create a Duo Account at https://signup.duo.com/.
  2. Log in to the Duo Admin console and click on the 'Applications' tab. alt text
  3. Click 'Protect an Application'.
  4. In the search bar type in 'Web SDK'. alt text
  5. Note down the Integration Key, Secret Key and API hostname. These will be used in the node configuration. alt text

ForgeRock Configuration

  1. Log into your ForgeRock AM console.
  2. Create a new Authentication Tree. alt text
  3. Setup the following configuration for the tree that was just created. alt text
  4. Paste in the Integration Key, Secret Key and API hostname for the corresponding Duo Web SDK Application.
  5. Generate an application key. It must be at least 40 characters long random string. You can generate a random string in Python with:
import os, hashlib
print hashlib.sha1(os.urandom(32)).hexdigest()
  1. Paste in your application key into the corresponding field in the node configuration.
  2. Set Duo Javascript URL.


  1. Log into the Tree that was created in the steps above by going to /openam/XUI/#login&service={{Tree_Name}}.
  2. Log in the your ForgeRock username and password. alt text
  3. Follow the prompts to register a new device or if you've already registered, use Duo to log in. alt text
Project Information