This is a first draft and may not be what you consider "done enough" but it gets the job done.
https://duo.com/docs/duoweb is important to follow.
add the perl Duo/Web.pm folder to Kernel/System as Kernel/System/Duo/Web.pm link to Web.pm
Also edit the package line in Web.pm to say Kernel::System::Duo::Web
and the js file (min or full, your choice, but update the html file to reflect the one you choose) to /opt/otrs/var/httpd/httpdocs/js/thirdparty/Duo/
link to js
Basically, I made a document in /opt/otrs/var/httpd/htdocs/common/duocheck.html
Code: Select all
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
</head>
<body>
<script src="/otrs-web/js/thirdparty/Duo/Duo-Web-v2.js"></script>
<script>
const queryString = window.location.search;
const urlParams = new URLSearchParams(queryString);
const sig_request = urlParams.get('sig_request')
Duo.init({
'host': 'api-[yournumber here].duosecurity.com',
'sig_request': sig_request,
'post_action': '/otrs/index.pl?Action=Login'
});
</script>
<iframe id="duo_iframe">
</iframe>
<style>
#duo_iframe {
width: 100%;
min-width: 304px;
max-width: 620px;
height: 330px;
border: none;
}
</style>
</body>
</html>
under use Kernel::System::DateTime;
Code: Select all
use Kernel::System::Duo::Web;
Code: Select all
my $SigResponse = $ParamObject->GetParam(
Param => 'sig_response',
Raw => 1
) || '';
Code: Select all
# create AuthObject
my $AuthObject = $Kernel::OM->Get('Kernel::System::Auth');
# If there's a sig_response posted, we probably should accept that it's verified
my $User;
if ($SigResponse ) {
$User = Kernel::System::Duo::Web::verify_response('your_ikey', 'your_skey', 'your_akey', $SigResponse);
} else {
# check submitted data
$User = $AuthObject->Auth(
User => $PostUser,
Pw => $PostPw,
TwoFactorToken => $PostTwoFactorToken,
);
};
Code: Select all
if (!$SigResponse) {
my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
my $sig_request = Kernel::System::Duo::Web::sign_request('your_ikey', 'your_skey', 'your_akey', $User);
print $LayoutObject->Redirect(
ExtURL => "/otrs-web/common/duocheck.html?sig_request=$sig_request",
);
return;
}
# login is successful
my %UserData = $UserObject->GetUserData(