Start a trial with Duo Security at https://signup.duo.com. Set up your account, add yourself and your phone number as an end user, create an application, and use your application's client ID, client secret, and API hostname for the required environment variables of this ColdBox application.
Learn all about Duo's Web SDK requirements at https://duo.com/docs/oauthapi.
Duo requires the redirect URI to be secure (HTTPS). See the instructions below.
- git clone https://github.com/webmandman/duocfml-coldbox-example
- cd duocfml-coldbox-example
- create a .env file with all required environment variables (see .env.example):
  - duo_clientid (get from your application settings @duosecurity.com)
  - duo_clientsecret (get from your application settings @duosecurity.com)
  - duo_apihostname (get from your application settings @duosecurity.com)
  - duo_authredirecturi (the URL in your application that Duo will redirect back to)
- box install
- box server start
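A pre-flight check for the .env file from the steps above, as an added example that is not part of this repository. It checks the four variable names listed above, the HTTPS requirement on the redirect URI, and the file's permissions; the function names `env_value` and `check_duo_env` are made up for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env file this README asks for.
# Key names come from the README; POSIX sh has no "local", so names are global.

# env_value FILE KEY: print KEY's value (last assignment wins, quotes stripped)
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_duo_env FILE: print one line per problem; exit status = problem count
check_duo_env() {
    file=$1
    problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    for key in duo_clientid duo_clientsecret duo_apihostname duo_authredirecturi; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "missing or empty: $key"
            problems=$((problems + 1))
        fi
    done

    # Duo requires the redirect URI to be https
    uri=$(env_value "$file" duo_authredirecturi)
    case $uri in
        '' | https://?*) ;;   # empty was already reported above
        *) echo "duo_authredirecturi is not https: $uri"
           problems=$((problems + 1)) ;;
    esac

    # The file holds the client secret: flag group- or world-readable modes
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$file is readable by group or others (chmod 600 $file)"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and run `check_duo_env .env` from the application root before starting the server; an exit status of 0 means no problems were found.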
When you start the server (step 7) configured for this app, CommandBox will serve the site at https://local.duocfmlexample/, but you'll get a browser warning that it is not secure. Use the following steps to generate a certificate for https://local.duocfmlexample:
- Edit settings in certificate.cnf as you wish or leave it as is.
- In terminal, make sure you have openssl in your PATH.
- cd into the root of this application
- Run this command:

    openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout local.duocfmlexample.key -days 3560 -out local.duocfmlexample.crt -config certificate.cnf

- This will generate two files, local.duocfmlexample.key and local.duocfmlexample.crt
- Now add the crt file to your browser keystore or your OS keystore. If you use Chrome to test, simply add your crt to Trusted Root Certificates via Settings > Privacy > Manage Certs
- Add the certfile and keyfile settings under SSL in server.json. The files can be located anywhere on your OS.

    "SSL":{
        "enable":true,
        "port":443,
        "certFile":"local.duocfmlexample.crt",
        "keyfile":"local.duocfmlexample.key"
    }

- box server restart
- Add an actual login form