Merge pull request #1227 from Versent/add_duo_mfa_to_onelogin

Add Duo Duo Security to accepted OneLogin MFA options
Versent · Feb 28, 2024 · 4d3b437 · 4d3b437
2 parents 1ff0243 + 2366a36
commit 4d3b437
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/pkg/provider/onelogin/onelogin.go b/pkg/provider/onelogin/onelogin.go
@@ -26,6 +26,7 @@ const (
 	IdentifierSmsMfa             = "OneLogin SMS"
 	IdentifierTotpMfa            = "Google Authenticator"
 	IdentifierYubiKey            = "Yubico YubiKey"
+	IdentifierDuoSecurity        = "Duo Duo Security"
 
 	MessageMFARequired = "MFA is required for this user"
 	MessageSuccess     = "Success"
@@ -43,6 +44,7 @@ var (
 		IdentifierSmsMfa:             "SMS",
 		IdentifierTotpMfa:            "TOTP",
 		IdentifierYubiKey:            "YUBIKEY",
+		IdentifierDuoSecurity:        "DUO TOTP",
 	}
 )
 
@@ -250,7 +252,7 @@ func verifyMFA(oc *Client, oauthToken, appID, host, resp string) (string, error)
 
 	switch mfaIdentifer {
 	// These MFA options doesn't need additional request (e.g. to send SMS or a push notification etc) since the user can generate the code using their MFA app of choice.
-	case IdentifierTotpMfa, IdentifierYubiKey:
+	case IdentifierTotpMfa, IdentifierYubiKey, IdentifierDuoSecurity:
 		break
 
 	default:
@@ -284,7 +286,7 @@ func verifyMFA(oc *Client, oauthToken, appID, host, resp string) (string, error)
 	}
 
 	switch mfaIdentifer {
-	case IdentifierSmsMfa, IdentifierTotpMfa, IdentifierYubiKey:
+	case IdentifierSmsMfa, IdentifierTotpMfa, IdentifierYubiKey, IdentifierDuoSecurity:
 		verifyCode := prompter.StringRequired("Enter verification code")
 		var verifyBody bytes.Buffer
 		err := json.NewEncoder(&verifyBody).Encode(VerifyRequest{AppID: appID, DeviceID: mfaDeviceID, StateToken: stateToken, OTPToken: verifyCode})

diff --git a/saml2aws.go b/saml2aws.go
@@ -41,7 +41,7 @@ var MFAsByProvider = ProviderList{
 	"PingOne":       []string{"Auto"},        // automatically detects PingID
 	"JumpCloud":     []string{"Auto", "TOTP", "WEBAUTHN", "DUO", "PUSH"},
 	"Okta":          []string{"Auto", "PUSH", "DUO", "SMS", "TOTP", "OKTA", "FIDO", "YUBICO TOKEN:HARDWARE", "SYMANTEC"}, // automatically detects DUO, SMS, ToTP, and FIDO
-	"OneLogin":      []string{"Auto", "OLP", "SMS", "TOTP", "YUBIKEY"},                                                   // automatically detects OneLogin Protect, SMS and ToTP
+	"OneLogin":      []string{"Auto", "OLP", "SMS", "TOTP", "YUBIKEY", "DUO TOTP"},                                       // automatically detects OneLogin Protect, SMS and ToTP
 	"Authentik":     []string{"Auto"},
 	"KeyCloak":      []string{"Auto"}, // automatically detects ToTP
 	"GoogleApps":    []string{"Auto"}, // automatically detects ToTP