Nextcloud community

2FA (Two Factor) DUO Universal Prompt (New Method) For Nextcloud Any Versions

ardhie July 25, 2024, 7:24pm 1

Effective March 30, 2024, Duo Security will no longer support the traditional Duo Prompt. This will mean no longer supporting the iFrame experience in the Duo Prompt or any dependencies on the iFrame.

Experimental New Method Two-Factor DUO Universal Prompt for Nextcloud

Tested on Nextcloud versions 27, 28, and 29

Configuration

Add your duo configuration to your Nextcloud’s nextcloud/config/config.php fils:

'twofactor_duo' => [
    'IKEY' => 'xxx',
    'SKEY' => 'yyy',
    'HOST' => '*.duosecurity.com',
    'CALL' => 'https://example.com/login/callback/duo',
  ],

Nextcloud Lib Patch

nextcloud/lib/public/Authentication/TwoFactorAuth/IProvider.php

nextcloud/lib/private/Authentication/TwoFactorAuth/Manager.php

nextcloud/apps/twofactor_backupcodes/lib/Provider/BackupCodesProvider.php

public function verifyChallenge(IUser $user, string $challenge): bool;

Change to: (remove the word string)

public function verifyChallenge(IUser $user, $challenge): bool;

Nextcloud Core Patch

nextcloud/core/routes.php

['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],

After that line, add this:

['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/callback/{challengeProviderId}', 'verb' => 'GET'],

Nexcloud 28 with DUO Security 2FA (Two Factor)

XceptN October 24, 2024, 12:19pm 2

Starting with NextCloud 29, the core/routes.php file does not have the respective array to make the relevant changes.

Moreover, with NextCloud 30 (could not test 29) the call to API just shows as below and 2FA with DUO does not work: