10-05-2020 03:55 PM
Greetings! I have a problem using Duo, in my browsers with uBlock Origin or similar installed, including Safari, Chrome, Brave, and Firefox. Seeking a reply body or blog post link with more information.
I would like to “Remember for 30 days”, but cannot.
On the 2nd-factor iframe embed, cookies cannot be used (to “remember for 30 days”), because I have not approved the Duo domain, api-XXXXXX
.duosecurity.com
, (and cannot easily(?) do so). I’m seeing the issue in Safari (14) with Ghostery, which may not properly handle trusting embeds of a trusted site (Duo) within a trusted site (my auth provider).
Since the Duo hostname is api-
[hexchars] .duosecurity.com
, I’m not clear whether the subdomain is a unique (v-)host for my whole company, or just a random API endpoint. And I don’t feel confident enough guessing what your architecture constraints are for security & external integration.
Hmm, Discourse redacts this automatically, but it’s also publicly accessible. I guess other domains of that style are a risk to share.
Solved! Go to Solution.
10-09-2020 08:59 AM
Hi @mcint,
Your Duo hostname is unique to your account and used to configure Duo applications. It should not be shared. That’s why it was redacted automatically We put a filter on the Duo Community to help prevent anyone from accidentally posting information such as the integration key, secret key, or API hostname.
The issue you describe here of not being able to use the “Remember me for 30 days” feature is due to cookies being blocked as you’ve noted. We have a help article that explains how to solve this issue by adding an exception for Duo-served cookies, and the process varies by browser. Safari does not provide a mechanism to allow an exception for specific sites. However, you can globally allow all third-party cookies. While not ideal, we’re working on a solution for this, and in the meantime hopefully the current workaround helps you!
10-09-2020 08:59 AM
Hi @mcint,
Your Duo hostname is unique to your account and used to configure Duo applications. It should not be shared. That’s why it was redacted automatically We put a filter on the Duo Community to help prevent anyone from accidentally posting information such as the integration key, secret key, or API hostname.
The issue you describe here of not being able to use the “Remember me for 30 days” feature is due to cookies being blocked as you’ve noted. We have a help article that explains how to solve this issue by adding an exception for Duo-served cookies, and the process varies by browser. Safari does not provide a mechanism to allow an exception for specific sites. However, you can globally allow all third-party cookies. While not ideal, we’re working on a solution for this, and in the meantime hopefully the current workaround helps you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: