[error] The Auth Proxy was not able to validate the provided API credentials

byunkook · May 10, 2023, 9:39pm

I’m trying to setup Cisco ASA SSL VPN protection using [radius_server_duo_only]

This is the configuration that I want to validate.

[radius_server_duo_only]
ikey=XXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXX
api_host=■■■■■■■■■■■■■■■■■■■■■■■■■■■
failmode=safe
radius_ip_1=172.16.18.10
radius_secret_1=thisisradiussecret

I get below error when I validate from Authentication Proxy Manager installed on Windows 2019 server.

[error] The Auth Proxy was not able to validate the provided API credentials.
[error] Check that the credentials provided for ■■■■■■■■■■■■■■■■■■■■■■■■■■ and ikey XXXXXXXXXXXX are correct.
[debug] Exception: 40301: Access forbidden
[info] The Auth Proxy will be able to accept connections on port 1812 on all interfaces

I verified TLS/SSL connection to api server following below article .

https://help.duo.com/s/article/1336?language=en_US

Browser, telnet, and Invoke-WebRequest test all passed.

I copied Integration key and secret key and API hostname from Cisco ASA SSL VPN application page.

DuoKristina · May 12, 2023, 3:28pm

Which Duo application did you create for this? You mention a “Cisco ASA SSL VPN” application but if you review our RADIUS ASA instructions they say to create a “Cisco RADIUS VPN” application.

byunkook · May 12, 2023, 10:07pm

I assumed it would be “Cisco ASA SSL VPN” because I was trying to protect Cisco AnyConnect login.

After protecting Cisco Radius VPN, and appling new keys, protection is working now.

Thank you very much for the guidance.

Best regards,