11-21-2017 05:10 AM
Hi
Is there a way to display the source hostname where the application is running in the duo push message on my phone when using a duo proxy? Now the application name is displayed in that message. But we have multiple applications behind 1 proxy and it would be nice the see from which hostname/application this is coming from…
BR
Arkadi
Solved! Go to Solution.
11-21-2017 12:59 PM
The Duo Push request shows you the name of each application authenticating through your proxy, if you have configured individual RADIUS or LDAP authenticators.
For example, if your Duo Authentication Proxy authproxy.cfg file has configurations for a Citrix Netscaler using RADIUS on port 1812, a Palo Alto VPN using RADIUS on port 1821, an LDAP Web application on port 389, and another LDAP web application on port 1389, and each of these configurations is using the integration key of a distinct application you created in your Duo Admin Panel, then authenticating via the Netscaler will send a push request that says “Netscaler”, etc.
However, if you configured only one RADIUS application on port 1812 with multiple different devices sharing it, or one LDAP application on port 389 with multiple different applications sharing it, then it’s not currently possible to distinguish which application is authenticating in the push request.
If a RADIUS appliance or application sends the client IP address in the calling-station-id
attribute to the Duo proxy, then the Duo Push request shows this source IP information. LDAP doesn’t support sending the client IP, so that information isn’t present in the push prompt.
I hope that helps clear things up!
11-21-2017 12:59 PM
The Duo Push request shows you the name of each application authenticating through your proxy, if you have configured individual RADIUS or LDAP authenticators.
For example, if your Duo Authentication Proxy authproxy.cfg file has configurations for a Citrix Netscaler using RADIUS on port 1812, a Palo Alto VPN using RADIUS on port 1821, an LDAP Web application on port 389, and another LDAP web application on port 1389, and each of these configurations is using the integration key of a distinct application you created in your Duo Admin Panel, then authenticating via the Netscaler will send a push request that says “Netscaler”, etc.
However, if you configured only one RADIUS application on port 1812 with multiple different devices sharing it, or one LDAP application on port 389 with multiple different applications sharing it, then it’s not currently possible to distinguish which application is authenticating in the push request.
If a RADIUS appliance or application sends the client IP address in the calling-station-id
attribute to the Duo proxy, then the Duo Push request shows this source IP information. LDAP doesn’t support sending the client IP, so that information isn’t present in the push prompt.
I hope that helps clear things up!
11-22-2017 07:30 AM
Thanks for the info!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide