dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0

Enable support for DUO Universal Login prompt #4529

Open jeroen-ansink opened 2 months ago

jeroen-ansink commented 2 months ago

Subject of the issue

Currently unable to log in, because the DUO Universal Login prompt is not supported.

Deployment environment

Steps to reproduce

Try to login with DUO 2FA enabled.

Expected behaviour

Able to login using DUO

Actual behaviour

Unable to login using DUO

Troubleshooting data

BlackDex commented 2 months ago

We need to make some big changes in the code for this. It will probably take some time.

jeroen-ansink commented 2 months ago

Ok, is there maybe a way to disable DUO in the backend without being able to login to the frontend and without having a recovery code?

BlackDex commented 2 months ago

You can remove all MFA/2FA from your account via the /admin interface

ajb3932 commented 2 months ago

I'm also having this issue too. No pressure to fix asap from me, just wanted to raise awareness.

BlackDex commented 2 months ago

There seems to be a bug in the latest web-vault btw (https://github.com/bitwarden/clients/issues/8554). Not sure if that is also the case in the web-vault we currently bundle, but I do not think so.

GeorgeCastanza commented 1 month ago

Me too. As a new user, it won't allow me to use the old (expired, but still working until Sep-24 for some) prompt.

0x0fbc commented 1 month ago

I saw the 'help wanted'. Is there any specific assistance you're looking for? If there isn't anyone actively working on this, I can take a shot at it.

BlackDex commented 1 month ago

@0x0fbc, I only looked at the available code of the universal Duo implementation provided by Duo in the Python and PHP languages to have a baseline, but I have not yet started coding it.

So, if you want to take a crack at it, feel free to do so 😄. Every time I want to start on it I need to do other stuff instead, or I am hindered from using a laptop, unfortunately.

If you need some help you can find me on our Vaultwarden Matrix channel.

yurividal commented 1 month ago

This is odd. I have DUO enabled in my account, and I can log in just fine with it. I am running the latest vaultwarden, and have had DUO activated for more than 1 year.

ajb3932 commented 1 month ago

Effective March 30, 2024 Duo no longer supports the traditional Duo Prompt for most applications.

I think it only affects users trying to activate Duo since March 30th.

Simon-CR commented 1 month ago

That would most likely explain this: a "Can't fetch Duo Keys" error when trying to log into the web vault. Since I had this enabled on the vault itself, I had to "remove all 2FA" from the user...