Re: Create user shows Invalid signature in request credentials

enamul-haque · ‎09-23-2023

Hi,

I want to create a user to duo security system using duo security API for our existing system
After registering the user to duo security, duo security system returns a URL for registering the user with duo mobile

But it shows below error:

{"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"}

I have use below java code:

public class DuoAdminAPIClient {
    public static void main(String[] args) {
        // Replace with your Duo Admin API credentials
        String integrationKey = "my integration key";
        String secretKey = "my secreate key";
        String apiHostname = "api-d221a358.duosecurity.com";

        // Create an HttpClient instance
        HttpClient httpClient = HttpClients.createDefault();

        try {
            // Define the user's attributes
            String username = "xxx";
            String userFirstName = "xxx";
            String userLastName = "xxx";

            // Construct the request body JSON
            String createUserRequestBody = String.format(
                    "{\"username\": \"%s\", \"first_name\": \"%s\", \"last_name\": \"%s\"}",
                    username, userFirstName, userLastName
            );

            // Define the API endpoint
            String createUserUrl = "https://" + apiHostname + "/admin/v1/users";

            // Generate the API signature
         //   String timestamp = Long.toString(System.currentTimeMillis() / 1000);
            String timestamp = OffsetDateTime.now().format(DateTimeFormatter.RFC_1123_DATE_TIME);
            String sigPayload = timestamp + "\n" + createUserUrl + "\n" + createUserRequestBody;
            String signature = generateHmacSha1Signature(sigPayload, secretKey);

            // Create the HTTP POST request
            HttpPost createUserRequest = new HttpPost(createUserUrl);
            createUserRequest.addHeader("Authorization", "Basic " + Base64.encodeBase64String((integrationKey + ":" + signature).getBytes()));
            createUserRequest.addHeader("Content-Type", "application/json");
            createUserRequest.addHeader("Date", timestamp);
            createUserRequest.setEntity(new StringEntity(createUserRequestBody));

            // Send the request and get the response
            HttpResponse createUserResponse = httpClient.execute(createUserRequest);
            HttpEntity createUserEntity = createUserResponse.getEntity();
            String createUserResponseString = EntityUtils.toString(createUserEntity);

            // Print the response (you can parse it to extract relevant information)
            System.out.println("Create User Response: " + createUserResponseString);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private static String generateHmacSha1Signature(String payload, String secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(keySpec);
        byte[] result = mac.doFinal(payload.getBytes());
        return Base64.encodeBase64String(result);
    }
}

What is the wrong of my code?
Please help me

DuoKristina · ‎09-25-2023

Are you trying to use first_name and last_name in the request_body? Those aren't valid params for the Duo Admin API (firstname and lastname are).

Have you considered using our API client for Java? https://github.com/duosecurity/duo_client_java

Duo, not DUO.