Update readme.md

Signed-off-by: mzico <[email protected]>
GluuFederation · Jun 13, 2024 · 08483bf · 08483bf
1 parent d773b83
commit 08483bf
Showing 1 changed file with 51 additions and 14 deletions.
diff --git a/Server/integrations/duo.passport.combine/readme.md b/Server/integrations/duo.passport.combine/readme.md
@@ -5,35 +5,72 @@ There are two options in a Passport enabled Gluu Server:
   - oxAuth login ( left side )
   - Passport login ( right side )
 
-This 
+This script will ask for Duo when user will use oxAuth login. 
+
+### Implementation Note
+
+ - This implemented in one customer's 4.4.0.sp1
+ - This script should work in 4.5 without downloading oxauth and Jetty modification ( below step number 1 and 2 ) 
+
+### Configuration in Gluu CE 4.4.0
+
+#### Download oxAuth 
 
-### Download oxAuth 
 Get `oxauth.war` from https://maven.gluu.org/maven/org/gluu/oxauth-server/4.4.0.sp1/oxauth-server-4.4.0.sp1.war
 
-### Jetty Compatible
+#### Jetty Compatible
+
 By default old war files are for version 9. As result it apply small changes in war file to run it correctly under jetty 10.
 
-Run `/opt/gluu/bin/jetty10CompatibleWar.py` to update it to conform jetty 10.
+ - Run `/opt/gluu/bin/jetty10CompatibleWar.py` to update it to conform jetty 10.
 ```
 $ ./jetty10CompatibleWar.py -in-file[Downloaded server] -out-file[Downloaded server]
 example 
 $ ./jetty10CompatibleWar.py -in-file /opt/gluu/jetty/oxauth/webapps/4.4.0.sp1/oxauth-server-4.4.0.sp1.war -out-file /opt/gluu/jetty/oxauth/webapps/4.4.0.sp1/oxauth.war
 ```
-Stop your **oxauth** service `systemctl stop oxauth`
+ - Stop your **oxauth** service `systemctl stop oxauth`
+
+ - Replace JettyCompatible war file at `/opt/gluu/jetty/oxauth/webapps/oxauth.war`
 
-Replace JettyCompatible war file at `/opt/gluu/jetty/oxauth/webapps/oxauth.war`
+#### Add External Dependency
 
-### Add External Dependency
-Add the duo-universal Dependency to your oxAuth at`/opt/gluu/jetty/oxauth/custom/libs/*.jar`
-Register custom libs in oxauth.xml `/opt/gluu/jetty/oxauth/webapps/oxauth.xml`
+Follow [this](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/duo-universal-prompt) doc to: 
+  - Add the duo-universal Dependency to your oxAuth at`/opt/gluu/jetty/oxauth/custom/libs/*.jar`
+  - Register custom libs in oxauth.xml `/opt/gluu/jetty/oxauth/webapps/oxauth.xml`
 
 Start the **oxauth** service `systemctl start oxauth`
 
 ### Add Custom Script
-1. Navigate to `Configuration` > `Person Authentication Scripts`.
-   Add a custom script for the 2 factor authentication using DUO and Passport credentials.  
+- Navigate to `Configuration` > `Person Authentication Scripts`.
+   Add new custom script for the 2 factor authentication using DUO and Passport credentials.  
+
+- Add the following Custom Property ( key/value pairs ): 
+   - For DUO security 
+      - `client_id`
+      - `client_secret`
+      - `api_hostname` 
+   - For Passport social
+      -  `key_store_file`
+      -  `key_store_password`
+
+- Enable and save.
+- *NOTE*: you have to make sure that your `passport_social` and/or `passport_saml` + `Duo Universal` scripts are enabled. This is a combine operation so three scripts must have to runn successfully. 
+
+- A successful configuration should throw snippet like below in `/opt/gluu/jetty/oxauth/oxauth_script.log`
+
+    ```
+    2024-06-12 17:56:26,937 INFO  [oxAuthScheduler_Worker-4] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Passport. init. Initialization success
+    2024-06-12 17:56:26,937 INFO  [oxAuthScheduler_Worker-4] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Duo-Universal. Initialization
+    2024-06-12 17:56:26,937 INFO  [oxAuthScheduler_Worker-4] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Duo-Universal. Initialized successfully
+    2024-06-12 17:56:26,937 INFO  [oxAuthScheduler_Worker-4] [org.gluu.service.PythonService$PythonLoggerOutputStream] (PythonService.java:243) - Passport. and Duo-Universal Initialized successfully
+    2024-06-12 17:56:26,941 TRACE [oxAuthScheduler_Worker-4] [org.gluu.service.custom.script.CustomScriptManager] (CustomScriptManager.java:134) - Last finished time '2024-06-12T17:56:26.941+0000'
+    ```
+
+### Test
 
-2. Add the following Custom Property ( key/value pairs ): For DUO security `client_id`, `client_secret`, and `api_hostname`, 
-for Passport social `key_store_file`, and `key_store_password`
+To test your setup always use incognito or new browser. 
 
-3. Enable and save.
+ - Go to `Manage Authentication` > `Default Authentication Method`
+ - Change `oxTrust ACR` to "DuoPassportCombine" ( or whichever name you supplied )
+ - `Update`
+ - Test