07-01-2021 04:24 AM
Hi,
We are trying to integrate Fortiseim via API with DUO. Hoping someone has seen this error before and can help?
Getting auth failures Access forbidden", “message_detail”: "Wrong integration type for this API
Looked into reponse errors on DUO and looked like below;
From documentation:
40301 Access forbidden
EXPLANATION: The ikey belongs to an application that does not have permission to access the requested feature. For example, using an Auth API ikey with Admin API URLs, attempting to modify users with an Admin API ikey whose permissions do not include “write resource”, calling an API that requires a different Duo edition, or calling an API or API method that is only enabled on request by Duo.
RESOLUTION: Ensure that you are using an ikey for the correct application type when signing API calls, and that the application has all the requisite permissions enabled in the Admin Panel. Contact Duo Support to enable a specific API or API method.
Our Administrator has amended on DUO side permissions
“Duo have enabled the Admin API it was disabled. This should work just fine now”
Still same response;
status_code: 403
reason: Forbidden
response header:
{‘Date’: ‘Thu, 01 Jul 2021 09:10:23 GMT’, ‘Content-Length’: ‘120’, ‘Content-Type’: ‘application/json’, ‘Connection’: ‘keep-alive’, ‘Server’: ‘Duo/1.0’}
response content:
{“code”: 40301, “message”: “Access forbidden”, “message_detail”: “Wrong integration type for this API.”, “stat”: “FAIL”}
delay: 0:00:00.144788
[root@fortisiemcoll3 tpm]#
Can anyone help please
thanks
regards Len
07-01-2021 09:24 AM
Hi @Len, can you share the call that you’re putting in when you get this response? If you addressed enabling the Admin API, I would look at the other two issues mentioned in that solution: Are you using an Auth API key with Admin API endpoints? Or do you have the proper write resource permissions granted?
The “wrong integration type for this API” message makes me think that it’s the former, an issue with the ikey you’re using. But I could be wrong! My API knowledge is extremely limited.
07-01-2021 09:57 AM
Amy,
Thanks for your reply, I have a TAC case with Fortinet for Fortisiem and also liaising with Administartor our end who looks after DUO.
We ahve an API with integration Key and secure password, and should be right.When running cred check pr python script, Fortinet asked me to use get the failure messages above.Lee on our side has checked permissions and Ive also asked Lee to check this link Knowledge Base | Duo Security
and Knowledge Base | Duo Security
So checking permissions again, Lee has said Admin Api now enabled.
Not used this forum before not sure what you mean by share
regards Len
07-02-2021 07:10 AM
Thanks for updating us with that info, Len! By share, I meant could you reply here and post the API request you’re sending? It’s hard to tell what’s going on to cause this error without seeing the request you put in.
07-05-2021 09:26 AM
Amy,
From Fortisiem docs for DUO;
https://docs.fortinet.com/document/fortisiem/5.4.0/external-systems-configuration-guide/842801/cisco-duo#Configur
Follow these steps to configure Cisco Duo to send logs to FortiSIEM.
Got details
add details credentials in fortisiem
Use these Access Method Definition settings to allow FortiSIEM to access Cisco Duo logs.
Setting | Value |
---|---|
Name | Enter a name for the credential. |
Device Type | Cisco Duo Security |
Access Protocol | Cisco Duo Admin REST API |
Pull Interval (minutes) | 2 |
Integration Key | Enter the integration key you obtained from Cisco Duo. |
Secret Key | Enter the secret key you obtained from Cisco Duo. |
Description | Enter an optional description for the credential. |
add association and test connection and thatwhen we get failures
Could you test the authentication ?
root@Fortisiemnb-p tpm]# python ciscoDUOauthTest_v1.0.py
request headers:
{‘Date’: ‘Fri, 25 Jun 2021 14:58:53 -0000’, ‘Content-Type’: ‘application/x-www-form-urlencoded’, ‘Authorization’: ‘Basic RElDNVU5VUJFQVhFOFVLQjkzQUQ6NTgwMjE3M■■■■■■■■■■■■■■■■■■■■TFhOTdlYjRkZTdhYjdlNGVhYg==’}
status_code: 403
reason: Forbidden
response header:
{‘Date’: ‘Fri, 25 Jun 2021 14:58:53 GMT’, ‘Content-Length’: ‘120’, ‘Content-Type’: ‘application/json’, ‘Connection’: ‘keep-alive’, ‘Server’: ‘Duo/1.0’}
response content:
{“code”: 40301, “message”: “Access forbidden”, “message_detail”: “Wrong integration type for this API.”, “stat”: “FAIL”}
delay: 0:00:00.112511
[root@Fortisiemnb-p tpm]#
Get connectivity test to api but not auth
Thanks Len
07-07-2021 09:15 AM
@Len, can you paste the contents of the ciscoDUOauthTest_v1.0.py script, removing your ikey, skey, and API host information? If we don’t see the contents of the script we have no way of knowing what API call you’re trying to make with the script.
07-08-2021 01:04 AM
Kristina,
Getting info from Fortinet.
thanks Len
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide