Greetings! I have a problem using Duo, in my browsers with uBlock Origin or similar installed, including Safari, Chrome, Brave, and Firefox. Seeking a reply body or blog post link with more information.
I would like to “Remember for 30 days”, but cannot.
On the 2nd-factor iframe embed, cookies cannot be used (to “remember for 30 days”), because I have not approved the Duo domain,
.duosecurity.com, (and cannot easily(?) do so). I’m seeing the issue in Safari (14) with Ghostery, which may not properly handle trusting embeds of a trusted site (Duo) within a trusted site (my auth provider).
Key point of confusion
Since the Duo hostname is
.duosecurity.com, I’m not clear whether the subdomain is a unique (v-)host for my whole company, or just a random API endpoint. And I don’t feel confident enough guessing what your architecture constraints are for security & external integration.
Hmm, Discourse redacts this automatically, but it’s also publicly accessible. I guess other domains of that style are a risk to share.