Duo MFA (or preferably DAG SAML) with Tomcat?


Hi all, I’m deploying an open source app within Tomcat and it does not have functionality built in for any 2FA/MFA solution, nor SAML. It does have the ability to do SSO via its container (Tomcat in this case). We use Duo Access Gateway for SAML-based SSO to cloud apps, and ideally would do the same with this thing, so I was curious if anyone has successfully integrated Duo’s Access Gateway with Tomcat? I have a rough idea that such an integration may be possible with Spring’s SAML gateway, but have not gone down that path yet. Not as ideal, but another option would be for me to do Tomcat-level Active Directory / LDAP auth, but I’d still want to hook traditional Duo MFA into that, so I’d still need to figure out how to do that piece if that’s any easier than DAG/SAML+Tomcat.

Duo support doesn’t provide any guidance on either option; they’ll just point you at the Java GitHub client https://github.com/duosecurity/duo_client_java, which is not really applicable.