Is it Possible for Multiple Duo Application Policy ---> CAS


#1

Hi:

Is it possible to have multiple Duo application policies per CAS server?

Example: cas.authn.mfa.duo[0] has separate policies in Duo than cas.authn.mfa.duo[1].

i.e. Integration App A uses ‘cas.authn.mfa.duo[0]’ and Integration App B uses ‘cas.authn.mfa.duo[1]’

cas.authn.mfa.duo[0].duo■■■■

cas.authn.mfa.duo[0].duoIntegrationKey:FOO

cas.authn.mfa.duo[0].duoSecretKey:BAR2

cas.authn.mfa.duo[0].duoApplicationKey:101

cas.authn.mfa.duo[1].duo■■■■

cas.authn.mfa.duo[1].duoIntegrationKey:FOO2

cas.authn.mfa.duo[1].duoSecretKey:BAR2

cas.authn.mfa.duo[1].duoApplicationKey:102


#2

Hey there @Hugo,

While the CAS integration is not made by Duo, I know that they do support the ability to have multiple Duo application keys specified. You can see more here: https://apereo.github.io/cas/5.2.x/installation/DuoSecurity-Authentication.html#multiple-instances

Thanks for being a Duo customer!


#3

Are there any instructions on how to do so by any chance? I could find via Google searches…


#4

Hi folks, has anyone gotten this to work? We are running CAS 5.1.2 and I tried adding a second Duo instance in my cas.properties file and tried pointing one CAS .json service file at one Duo ID and a second CAS .json service file at the second Duo ID but when I get prompted for 2 factor authentication with the Duo App it shows that it continually gets tied to the first Duo CAS instance.

Thanks for any assistance :wink: