Duo Security Authentication

Duo Security is a two-step verification service the provides additional security for access to institutional and personal data.

Duo offers several options for authenticating users:

  • a mobile push notification and one-button verification of identity to a smartphone (requires the free Duo Mobile app)
  • a one-time code generated on a smartphone
  • a one-time code generated by Duo and sent to a handset via SMS text messaging
  • a telephone call from that will prompt you to validate the login request
1
2
3
4
5
<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-duo</artifactId>
  <version>${cas.version}</version>
</dependency>
1
implementation "org.apereo.cas:cas-server-support-duo:${project.'cas.version'}"
1
2
3
4
5
6
7
8
9
dependencyManagement {
  imports {
    mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
  }
}

dependencies {  
  implementation "org.apereo.cas:cas-server-support-duo"
}
Usage

Please note that support for Duo multifactor authentication that is based on the Duo's Web SDK and the embedded iFrame is deprecated and scheduled to be removed in the future. You should consider switching to the 'Universal Prompt' variant described in this document to avoid surprised in future upgrades.

Actuator Endpoints

The following endpoints are provided by CAS: