Nextcloud, LDAP, and Duo -- Help

In case there is still any interest in Duo two-factor auth, I just got this working on our system (version 18.0.1) using the app from @ChristophWurst and am pretty pleased with it. I took some rough notes on what I did to get this to work. It requires a bit of fiddling around with things, but once it works it's pretty nice. Below is a link to my notes. I don’t claim that what I did is correct by any measure (or even good), only that it works for me currently. I also don’t make any promises that I did not forget to note something that I did, but I believe it is pretty complete, and I thought I would share it just in case it might be helpful to someone else.

https://aldentorchfinancial.box.com/s/142jx3ej9cxprmgcrh1fqmohaf0s9wu2

Thanks for the notes, they were a great help in getting Duo 2FA working here :grinning:!

ok, I tried this with NC19 and got it working up to the point after entering the password, where the duo challenge is supposed to start

- but no duo challenge is sent and not even logged in the duo security backend…

@perler, it seems like there is an error that is preventing the iFrame from being generated with the Duo challenge, which is why you only see the blank area for the challenge and nothing on the Duo logs.

I would recommend that you check the Nextcloud log file for errors, maybe searching on twoFactor_duo or TwoFactorDuo. It should give you an indication of what the error(s) are, which would point you in the direction of what to look into.

Thank you @kbundy for the notes! I wish this would have been documented like you did in the first place.

@perler check your Application Key (akey), if you look at the source code of your page, it probably states that your key is not 40 characters (minimum). I had the same problem and it went away by extending the akey (value doesn’t matter).

Now I only have one problem left: an auto-logout after 5 minutes. Did you also experience this?

I’ve set this up following the instructions here

I’m seeing the exact same thing as @perler
Getting a blank duo screen with nothing being sent or logged on duo’s end.

Extending the AKEY to 40 characters gives me an authentication error. I’m currently using the IKEY value as the AKEY value. I tried swapping the SKEY value in there since it’s 40 characters and get the same authentication error. So went back to the IKEY.

Checking the logs as suggested by @kbundy and searching for twoFactor_duo and TwoFactorDuo come up with nothing, although searching for just “Duo” does return this for a result.

{"reqId":"Y6KnLqaPuRWQVn2S5ffe","level":0,"time":"November 06, 2021 14:30:07","remoteAddr":"IPADDRESS","user":"USER","app":"files_sharing","method":"GET","url":"/index.php/login/challenge/duo","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40","version":"21.0.1.1"}

{"reqId":"iuCFFpRWTa2At1ku9ig6","level":3,"time":"November 06, 2021 14:32:52","remoteAddr":"IPADDRESS","user":"USERNAME","app":"core","method":"GET","url":"/index.php/login/selectchallenge?redirect_url=/index.php/apps/dashboard/","message":"two-factor auth provider 'duo' failed to load","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40","version":"21.0.1.1"}

From my understanding the deprecated error is simply a warning for the dev and doesn’t affect functionality.

The other, “failed to load” doesn’t really give me much to go off of as to why or why not.

Any tips?
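
As an added example, not part of any post in this thread: a small Python triage script for the log search discussed above. It matches case-insensitively on the `app`, `url` and `message` fields and drops low-level notices, and it includes a sanity check for the 40-character application key mentioned earlier. The sample log lines, the placeholder keys and all function names are constructed for illustration; the rule that the akey should be a random value distinct from the ikey and skey is an assumption based on the Duo Web SDK's guidance.

```python
import json
import secrets

KEYWORDS = ("duo", "two-factor", "twofactor")  # matched case-insensitively

# Constructed sample lines, shaped like the entries quoted in the thread.
SAMPLE_LOG = """\
{"reqId":"a1","level":0,"app":"files_sharing","url":"/index.php/login/challenge/duo","message":"/appinfo/app.php is deprecated"}
{"reqId":"a2","level":3,"app":"core","url":"/index.php/login/selectchallenge","message":"two-factor auth provider 'duo' failed to load"}
{"reqId":"a3","level":3,"app":"files","url":"/index.php/apps/files/","message":"unrelated error"}
not json at all
"""

def triage(log_text, min_level=2):
    """Return 2FA-related entries at or above min_level, most severe first.
    Nextcloud levels: 0=debug, 1=info, 2=warning, 3=error, 4=fatal."""
    hits = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        text = " ".join(str(entry.get(k, "")) for k in ("app", "url", "message")).lower()
        level = entry.get("level", 0)
        if level >= min_level and any(word in text for word in KEYWORDS):
            hits.append(entry)
    return sorted(hits, key=lambda e: -e.get("level", 0))

def akey_problems(ikey, skey, akey):
    """List reasons the application key would be rejected or is weak."""
    problems = []
    if len(akey) < 40:
        problems.append("akey shorter than 40 characters")
    if akey in (ikey, skey):
        problems.append("akey reuses ikey or skey")
    return problems

def new_akey():
    """Generate a random 40-character hex application key."""
    return secrets.token_hex(20)

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["level"], e["app"], e["message"])
```

On a real install, pass the contents of the Nextcloud log file to `triage()` in place of `SAMPLE_LOG`.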