Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2607
Views
2
Helpful
4
Replies

WebSDK Django - Denied No Response

luskbo
Level 1
Level 1

‎11-27-2018 06:05 PM

I am trying to authenticate via the WebSDK and running into a problem.
I am not getting the push notification and my app password is not being accepted.

Steps I have taken:
• I have created a WebSDK integration under “Protect an Application”
• Recorded the Integration Key, Secret Key, API Hostname.
• There is no user restriction, but there is a global policy for “Deny access to unenrolled users” and all auth methods are allowed.

This is a Django app, and based off of the demo you have published.

Within my app I have double-check the key values and they match what is listed on the duosecurity admin panel for my protected application.
I have generated an akey using your documentation located here:


You can generate a random string in Python with:

import os, hashlib
print hashlib.sha1(os.urandom(32)).hexdigest()

When attempting to authenticate, I am provided the Duo iframe and there is an option to push a notification of enter a passcode.
This looks as expected.
However, if I select to send a push notification, it never is sent.
Also, if I attempt to enter a passcode, I receive and error that the passcode is invalid.

When reviewing the auth logs in the duo portal, I can see the failed auth for both passcode and push. They are also listed as associated with the correct websdk application.

Also, my system is on UTC time. I double checked, and it is definitely correct, so not thinking it is time issue.

Do you have any suggestions as to what my be causing the problem?

Labels:
0 Helpful
4 Replies 4

DuoKristina
Cisco Employee
Cisco Employee

‎11-28-2018 06:34 AM

Duo admin accounts and authentication devices are distinct from Duo end user accounts and devices. When you signed up for Duo the process created your Duo admin account. You probably created an end user account in Duo manually? Did you activate Duo Mobile on your phone for your end user account? You should see two accounts in Duo Mobile, with one of them identified as “DUO ADMIN” and the other as “DUO-PROTECTED”. The "DUO-PROTECTED one is an end user account, which is what would be used to authenticate via WebSDK.

If you don’t see a “DUO-PROTECTED” account in Duo Mobile, you can send a Duo Mobile activation code for your end user account from the Admin Panel.

Duo, not DUO.
0 Helpful

luskbo
Level 1
Level 1
In response to DuoKristina

‎11-28-2018 08:43 AM

Thank you for the reply.
I actually only have one account in my Duo mobile account. It has “ADMIN” next to it.
I think that may be the issue. We use Duo for several applications and my account was just changed into an admin account to allow me to add my application.
Just tested this by attempting to login to another system and was not sent the push either.

I will have my account removed from the admin and re-test and update with what I find out.
BIG HELP! Thanks!

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to luskbo

‎11-28-2018 08:55 AM

NONONONNOO Don’t remove your admin account from Duo Mobile!

The admin account and end-user accounts can coexist in Duo Mobile.

Duo, not DUO.

luskbo
Level 1
Level 1
In response to DuoKristina

‎11-28-2018 09:41 AM

HAHA! All good. I should have explained that better. I just created an additional account. I didn’t delete my admin account.
Creating a new user did fix the problem.
All is working now. Many thanks for the expert advice!

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents