wso2-extensions / identity-outbound-auth-duo

Apache License 2.0

Need to upgrade Duo libraries to use Duo Universal Prompt #47

Open jwade42 opened 2 years ago

jwade42 commented 2 years ago

Description: identity-outbound-auth-duo uses the legacy Duo libraries and needs to be updated to use the new Duo Universal Prompt. Has anyone started on this? If not, I could work on this and submit the changes.

See https://duo.com/docs/universal-prompt-update-guide

This update is a significant benefit since Duo Universal Prompt uses first-party cookies and no more iFrames, which should fix the mobile responsive design issues in the current solution as well as the Chrome OS sign-in issue and the Safari web browser "remember me" problem.

Suggested Labels:

Suggested Assignees:

Affected Product Version: All versions

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

jwade42 commented 1 year ago

Note that as of March 30, 2024, the traditional Duo prompt will be end of life and this will cease to work. https://help.duo.com/s/article/7839?language=en_US

So if anyone other than us is using this, we will be out of luck.

rileyw commented 1 year ago

+1

cayaraa commented 1 year ago

+1

daparker commented 1 year ago

+1

We need support for the Duo Universal Prompt ASAP!

hydrarock210 commented 1 year ago

Are there any updates on Duo Universal Prompt support? We are discussing moving away from WSO2 as we may have no other options.

rileyw commented 1 year ago

I see that a recent PR, https://github.com/wso2-extensions/identity-outbound-auth-duo/pull/54, was approved that upgrades the Duo library and enables Universal Prompt support. I haven't tried this JAR, but I would suspect that we should see WSO2 start pushing this newer version.

rileyw commented 1 year ago

PR isn't backwards compatible with 5.10.0 due to its use of newer versions of the carbon-identity-framework. An additional PR might be needed to provide support for 5.10.0.

I did apply the following changes and build a JAR that was deployable to 5.10.0 with latest WSO2 updates.

diff --git a/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java b/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java
index 9bda913..ba33744 100644
--- a/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java
+++ b/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/duo/DuoAuthenticator.java
@@ -554,7 +554,7 @@ public class DuoAuthenticator extends AbstractApplicationAuthenticator implement
                     toString(), requestState);

             if (!isValidResponse) {
-                throw new AuthenticationFailedException(DuoAuthenticatorConstants.DuoErrors.ERROR_VERIFY_USER,
+                throw new AuthenticationFailedException(DuoAuthenticatorConstants.DuoErrors.ERROR_VERIFY_USER +
                         "Authentication failed!. Duo response state does not match with the context state");
             }
             AuthenticatedUser authenticatedUser = (AuthenticatedUser) context
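
Review bot: In the state-mismatch branch of DuoAuthenticator.java, replacing the comma after DuoErrors.ERROR_VERIFY_USER with + concatenates the error constant directly onto "Authentication failed!. ..." with no separator, and the exception no longer receives the error code as its own argument. If the older framework needs the single-argument form, put a separator such as ": " between the two parts, or pass only the message, so logs and any code that reads the error code from the exception stay unambiguous. The check itself still rejects a Duo response whose state does not match the context, which is the behaviour to keep.
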
diff --git a/pom.xml b/pom.xml
index a850799..f468d5e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -452,13 +452,13 @@
                         <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
                     </configuration>
                     <executions>
-                        <execution>
+                        <!-- <execution>
                             <id>analyze-compile</id>
                             <phase>compile</phase>
                             <goals>
                                 <goal>check</goal>
                             </goals>
-                        </execution>
+                        </execution> -->
                     </executions>
                 </plugin>
             </plugins>
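
Review bot: Commenting out the analyze-compile execution in pom.xml removes the FindBugs check goal from the compile phase for every build of this authenticator, not just the 5.10.0 backport. Keep the execution in place and skip the analysis only for the local backport build (a command-line skip property or a dedicated profile), or fix the findings that block the build, so static analysis keeps gating changes to authentication code. The now-empty executions element is also easy to miss in later reviews.
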
@@ -468,16 +468,16 @@
         <repository>
             <id>nexus-releases</id>
             <name>WSO2 Release Distribution Repository</name>
-            <url>http://maven.wso2.org/nexus/service/local/staging/deploy/maven2/</url>
+            <url>https://maven.wso2.org/nexus/service/local/staging/deploy/maven2/</url>
         </repository>
         <snapshotRepository>
             <id>wso2.snapshots</id>
             <name>Apache Snapshot Repository</name>
-            <url>http://maven.wso2.org/nexus/content/repositories/snapshots/</url>
+            <url>https://maven.wso2.org/nexus/content/repositories/snapshots/</url>
         </snapshotRepository>
     </distributionManagement>
     <properties>
-        <carbon.identity.version>5.25.166</carbon.identity.version>
+        <carbon.identity.version>5.17.117</carbon.identity.version>
         <carbon.identity.association.version>5.4.0</carbon.identity.association.version>
         <carbon.identity.outbound.auth.openid.version>5.5.0</carbon.identity.outbound.auth.openid.version>
         <carbon.identity.outbound.auth.oidc.version>5.5.0</carbon.identity.outbound.auth.oidc.version>
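
Review bot: Changing carbon.identity.version from 5.25.166 to 5.17.117 in the shared properties block downgrades the framework dependency for the whole project, so this cannot go into the main line as is. Carry the older version in a 5.10.0-specific branch or a profile that overrides the property, and leave the default at 5.25.166. The http to https change on the two distributionManagement URLs is independent of the backport and is worth submitting as its own commit.
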

Mileage may vary.

njsmith66 commented 1 year ago

Rileyw, do you have instructions for what I need to do to update to the Universal Prompt capable plugin?