From 661942f114ee1551ec14500822f63a9577dac33a Mon Sep 17 00:00:00 2001
From: Denis Rosca
Date: Wed, 11 Jan 2023 16:41:57 +0200
Subject: [PATCH 1/2] Add Duo Duo Security to accepted mfa options
---
 pkg/provider/onelogin/onelogin.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/provider/onelogin/onelogin.go b/pkg/provider/onelogin/onelogin.go
index c4b87b28e..89afa2c06 100644
--- a/pkg/provider/onelogin/onelogin.go
+++ b/pkg/provider/onelogin/onelogin.go
@@ -26,6 +26,7 @@ const (
 IdentifierSmsMfa = "OneLogin SMS"
 IdentifierTotpMfa = "Google Authenticator"
 IdentifierYubiKey = "Yubico YubiKey"
+ IdentifierDuoSecurity = "Duo Duo Security"
 MessageMFARequired = "MFA is required for this user"
 MessageSuccess = "Success"
@@ -43,6 +44,7 @@ var (
 IdentifierSmsMfa: "SMS",
 IdentifierTotpMfa: "TOTP",
 IdentifierYubiKey: "YUBIKEY",
+ IdentifierDuoSecurity: "DUO TOTP",
 }
 )
@@ -250,7 +252,7 @@ func verifyMFA(oc *Client, oauthToken, appID, host, resp string) (string, error)
 switch mfaIdentifer {
 // These MFA options doesn't need additional request (e.g. to send SMS or a push notification etc) since the user can generate the code using their MFA app of choice.
- case IdentifierTotpMfa, IdentifierYubiKey:
+ case IdentifierTotpMfa, IdentifierYubiKey, IdentifierDuoSecurity:
 break
 default:
@@ -284,7 +286,7 @@ func verifyMFA(oc *Client, oauthToken, appID, host, resp string) (string, error)
 }
 switch mfaIdentifer {
- case IdentifierSmsMfa, IdentifierTotpMfa, IdentifierYubiKey:
+ case IdentifierSmsMfa, IdentifierTotpMfa, IdentifierYubiKey, IdentifierDuoSecurity:
 verifyCode := prompter.StringRequired("Enter verification code")
 var verifyBody bytes.Buffer
 err := json.NewEncoder(&verifyBody).Encode(VerifyRequest{AppID: appID, DeviceID: mfaDeviceID, StateToken: stateToken, OTPToken: verifyCode})
From bf091feac255de706f1109d4862374bcf8a20acb Mon Sep 17 00:00:00 2001
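Review bot: `IdentifierDuoSecurity = "Duo Duo Security"` in the const block of pkg/provider/onelogin/onelogin.go (PATCH 1/2, hunk at -26) reads like a typo, and nothing on the line says otherwise. If the doubled "Duo" is the factor name exactly as OneLogin reports it, which the commit subject suggests, a comment such as `// factor name as reported by OneLogin; the doubled "Duo" is intentional` would keep a later cleanup from "correcting" the string and, presumably, breaking the match against the server's factor list. The const block starts and ends outside the hunk.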
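Review bot: The comment above the first `switch mfaIdentifer` in verifyMFA (PATCH 1/2, hunk at -250) still describes only code-generating apps, while the case below it now also skips the activation request for `IdentifierDuoSecurity`; the second switch (hunk at -284) then prompts for a typed code. As far as these hunks show, that makes the Duo path passcode-only, so a user whose Duo factor is set up for push approval would be asked for a code with no push ever requested. I would say so in the comment, for example `// TOTP, YubiKey and Duo (passcode only) need no activation request: the user reads the code from their own device.` verifyMFA starts and ends outside both hunks.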
From: Mark Gerard
Date: Wed, 28 Feb 2024 16:04:53 +1000
Subject: [PATCH 2/2] [duo-totp]: Fix the spacing to make the linter happy
---
 pkg/provider/onelogin/onelogin.go | 4 ++--
 saml2aws.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/provider/onelogin/onelogin.go b/pkg/provider/onelogin/onelogin.go
index 69e3113f2..951e4db21 100644
--- a/pkg/provider/onelogin/onelogin.go
+++ b/pkg/provider/onelogin/onelogin.go
@@ -26,7 +26,7 @@ const (
 IdentifierSmsMfa = "OneLogin SMS"
 IdentifierTotpMfa = "Google Authenticator"
 IdentifierYubiKey = "Yubico YubiKey"
- IdentifierDuoSecurity = "Duo Duo Security"
+ IdentifierDuoSecurity = "Duo Duo Security"
 MessageMFARequired = "MFA is required for this user"
 MessageSuccess = "Success"
@@ -44,7 +44,7 @@ var (
 IdentifierSmsMfa: "SMS",
 IdentifierTotpMfa: "TOTP",
 IdentifierYubiKey: "YUBIKEY",
- IdentifierDuoSecurity: "DUO TOTP",
+ IdentifierDuoSecurity: "DUO TOTP",
 }
 )
diff --git a/saml2aws.go b/saml2aws.go
index 5a8da79fd..670e79f5d 100644
--- a/saml2aws.go
+++ b/saml2aws.go
@@ -41,7 +41,7 @@ var MFAsByProvider = ProviderList{
 "PingOne": []string{"Auto"}, // automatically detects PingID
 "JumpCloud": []string{"Auto", "TOTP", "WEBAUTHN", "DUO", "PUSH"},
 "Okta": []string{"Auto", "PUSH", "DUO", "SMS", "TOTP", "OKTA", "FIDO", "YUBICO TOKEN:HARDWARE", "SYMANTEC"}, // automatically detects DUO, SMS, ToTP, and FIDO
- "OneLogin": []string{"Auto", "OLP", "SMS", "TOTP", "YUBIKEY"}, // automatically detects OneLogin Protect, SMS and ToTP
+ "OneLogin": []string{"Auto", "OLP", "SMS", "TOTP", "YUBIKEY", "DUO TOTP"}, // automatically detects OneLogin Protect, SMS and ToTP
 "Authentik": []string{"Auto"},
 "KeyCloak": []string{"Auto"}, // automatically detects ToTP
 "GoogleApps": []string{"Auto"}, // automatically detects ToTP
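Review bot: The `"DUO TOTP"` entry added to the OneLogin list in saml2aws.go changes which MFA options are accepted, yet it arrives in a commit titled as a spacing fix; PATCH 1/2 already maps `IdentifierDuoSecurity` to that name without listing it here. Moving this line into the first commit, or retitling this one, would keep the history honest about when the option became available. The trailing comment also still names only OneLogin Protect, SMS and ToTP; if Auto can select the Duo factor as well, extend it, for example `// automatically detects OneLogin Protect, SMS, ToTP and Duo passcode`, and if it cannot, say that `DUO TOTP` must be chosen explicitly. The ProviderList literal starts and ends outside the hunk.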