WebSDK Django - Denied No Response


#1

I am trying to authenticate via the WebSDK and running into a problem.
I am not getting the push notification and my app password is not being accepted.

Steps I have taken:
• I have created a WebSDK integration under “Protect an Application”
• Recorded the Integration Key, Secret Key, API Hostname.
• There is no user restriction, but there is a global policy for “Deny access to unenrolled users” and all auth methods are allowed.

This is a Django app, and based off of the demo you have published.

Within my app I have double-checked the key values and they match what is listed on the duosecurity admin panel for my protected application.
I have generated an akey using your documentation located here:


You can generate a random string in Python with:

import os, hashlib
# SHA-1 hex digest of 32 random bytes: a 40-character string
print(hashlib.sha1(os.urandom(32)).hexdigest())

When attempting to authenticate, I am provided the Duo iframe and there is an option to push a notification or enter a passcode.
This looks as expected.
However, if I select to send a push notification, it never is sent.
Also, if I attempt to enter a passcode, I receive an error that the passcode is invalid.

When reviewing the auth logs in the duo portal, I can see the failed auth for both passcode and push. They are also listed as associated with the correct websdk application.

Also, my system is on UTC time. I double checked, and it is definitely correct, so not thinking it is a time issue.

Do you have any suggestions as to what may be causing the problem?


#2

Duo admin accounts and authentication devices are distinct from Duo end user accounts and devices. When you signed up for Duo the process created your Duo admin account. You probably created an end user account in Duo manually? Did you activate Duo Mobile on your phone for your end user account? You should see two accounts in Duo Mobile, with one of them identified as “DUO ADMIN” and the other as “DUO-PROTECTED”. The “DUO-PROTECTED” one is an end user account, which is what would be used to authenticate via WebSDK.

If you don’t see a “DUO-PROTECTED” account in Duo Mobile, you can send a Duo Mobile activation code for your end user account from the Admin Panel.


#3

Thank you for the reply.
I actually only have one account in my Duo mobile account. It has “ADMIN” next to it.
I think that may be the issue. We use Duo for several applications and my account was just changed into an admin account to allow me to add my application.
Just tested this by attempting to log in to another system and was not sent the push either.

I will have my account removed from the admin and re-test and update with what I find out.
BIG HELP! Thanks!


#4

NONONONNOO Don’t remove your admin account from Duo Mobile!

The admin account and end-user accounts can coexist in Duo Mobile.


#5

HAHA! All good. I should have explained that better. I just created an additional account. I didn’t delete my admin account.
Creating a new user did fix the problem.
All is working now. Many thanks for the expert advice!