Individual properties beneath a section appear as: name=value The configuration file is formatted as a simple INI file.
Note that as of v4.0.0, the default file access on Windows for the conf directory is restricted to the built-in Administrators group during installation. With default installation paths, the proxy configuration file will be located at: Operating SystemĬ:\Program Files\Duo Security Authentication Proxy\conf\authproxy.cfgĬ:\Program Files (x86)\Duo Security Authentication Proxy\conf\authproxy.cfg The Duo Authentication Proxy configuration file is named authproxy.cfg, and is located in the conf subdirectory of the proxy installation. Configure the ProxyĪfter the installation completes, you will need to configure the proxy. If you ever need to uninstall the proxy, run /opt/duoauthproxy/uninstall. You can accept the default user and group names or enter your own. The installer creates a user to run the proxy service and a group to own the log directory and files.
Install the authentication proxy (as root): $ cd duoauthproxy-buildįollow the prompts to complete the installation. View checksums for Duo downloads here.Įxtract the Authentication Proxy files and build it as follows: $ tar xzf duoauthproxy-latest-src.tgz
Depending on your download method, the actual filename may reflect the version e.g. From the command line you can use curl or wget to download the file, like $ wget -content-disposition. On Debian-derived systems, install these dependencies by running (as root): $ apt-get install build-essential libffi-dev perl zlib1g-devĭownload the most recent Authentication Proxy for Unix from. On most recent RPM-based distributions - like Fedora, RedHat Enterprise, and CentOS - you can install these by running (as root): $ yum install gcc make libffi-devel perl zlib-devel diffutils See Protecting Applications for more information about protecting applications in Duo and additional application options.Įnsure that Perl and a compiler toolchain are installed. You'll need this information to complete your setup. Click Protect to get your integration key, secret key, and API hostname.
To integrate Duo with your Juniper IVE SSL VPN, you will need to install a local Duo proxy service on a machine within your network. You should already have a working primary authentication configuration for your Juniper IVE SSL VPN users before you begin to deploy Duo. You'll need to pre-enroll your users in Duo using one of our available methods before they can log in using this configuration.
It also lets you integrate Duo into a single Juniper sign-in URL with multiple authentication realms.īefore moving on to the deployment steps, it's a good idea to familiarize yourself with Duo administration concepts and features like options for applications, and Duo policy settings and how to apply them. This alternate configuration allows you to control the "failmode" - this dictates how the system will act if network communication with Duo is interrupted. Please see the FAQ for more information about the Pulse transition. While these instructions reference the Juniper SA SSL VPN throughout, they also work with the Secure Connect SSL VPN from Pulse Secure. If your organization requires IP-based rules, please review this Duo KB article. Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. This application communicates with Duo's service on TCP port 443.