Standalone load of redirect-domain, for Ad Block allowlisting

Greetings! I have a problem using Duo, in my browsers with uBlock Origin or similar installed, including Safari, Chrome, Brave, and Firefox. Seeking a reply body or blog post link with more information.

Issue

I would like to “Remember for 30 days”, but cannot.

On the 2nd-factor iframe embed, cookies cannot be used (to “remember for 30 days”), because I have not approved the Duo domain, api-XXXXXX .duosecurity.com, (and cannot easily(?) do so). I’m seeing the issue in Safari (14) with Ghostery, which may not properly handle trusting embeds of a trusted site (Duo) within a trusted site (my auth provider).

Key point of confusion

Since the Duo hostname is api-[hexchars] .duosecurity.com, I’m not clear whether the subdomain is a unique (v-)host for my whole company, or just a random API endpoint. And I don’t feel confident enough guessing what your architecture constraints are for security & external integration.

Hmm, Discourse redacts this automatically, but it’s also publicly accessible. I guess other domains of that style are a risk to share.

Hi @mcint,

Your Duo hostname is unique to your account and used to configure Duo applications. It should not be shared. That’s why it was redacted automatically :slightly_smiling_face: We put a filter on the Duo Community to help prevent anyone from accidentally posting information such as the integration key, secret key, or API hostname.

The issue you describe here of not being able to use the “Remember me for 30 days” feature is due to cookies being blocked as you’ve noted. We have a help article that explains how to solve this issue by adding an exception for Duo-served cookies, and the process varies by browser. Safari does not provide a mechanism to allow an exception for specific sites. However, you can globally allow all third-party cookies. While not ideal, we’re working on a solution for this, and in the meantime hopefully the current workaround helps you!

1 Like