Curious if there’s a Duo module or recommended SAML config method to protect apps behind apache or nginx so the SAML auth can occur at the web server level instead of the app, or just for site access?
Hi @colohost, thanks for your question! While there are no existing Duo integrations for either Apache or Nginx at this time, there are feature requests for these which you can request to be added to, either through the Duo Support team, or your Account Executive or Customer Success Manager if you have one.
We normally direct people to use the Duo Web SDK for protecting Apache, and I found this documentation on their site for Guacamole that also recommends the Web SDK solution: Chapter 8. Duo two-factor authentication
There are a few other solutions I can recommend based on what I’ve found in searches that seem to work for other users (untested and unsupported by us), but none use SAML, so I’m not sure if they will work for you.
- Nginx configured with the pam_radius module for authentication causes users to experience double push notifications, but the user is able to authenticate.
- There is also this blog post on protecting Apache webserver with the Duo Authentication Proxy as an LDAP server.
Not exactly the answer you were looking for, but I hope that helps!