
Issue with Authorization and instructions

alexhaberer
Level 1

I’m trying to complete a simple authentication, but keep getting an issue with my Signature - “Invalid signature in request credentials”

From my understanding of the reading I’m building a string like so:

Tue, 04 Jun 2019 07:37:56 -0500
POST
api-xxxxxxxx.duosecurity.com
/auth/v2/check

Then I’m encrypting that string into HMAC SHA1 like so:

422A■■■■0DD208C00AC08967

Then I’m using my Integration Key and that HMAC SHA1 as the HTTP Basic Authentication:

I’m using ColdFusion, here is an example of the process:

```cfm
<!--- Date header value --->
<cfset date = DateTimeFormat(Now(), "ddd, dd mmm yyyy HH:nn:ss Z")>
<cfdump var="Date: #date#">
<br />
<br />

<!--- Request string: date, method, host and path joined by line feeds --->
<cfset nl = chr(10)>
<cfset requestString = date & nl & "POST" & nl & "api-xxxxxxxx.duosecurity.com" & nl & "/auth/v2/check">
<cfdump var="Signature: #requestString#">

<!--- HMAC-SHA1 of the request string, keyed with the secret key --->
<cfset hmacSignature = hmac(#requestString#, "<Secret Key>", "HMACSHA1")>
<cfdump var="HMAC SHA1 (Signature): #hmacSignature#">
<br />

<!--- Round-trip the HMAC output through Base64 and binary, then hex-encode it --->
<cfset base64Auth = ToBase64(hmacSignature)>
<cfset binaryAuth = ToBinary(base64Auth)>
<cfset hexAsciiAuth = BinaryEncode(binaryAuth, "hex")>
<cfdump var="Hex Ascii (HMAC SHA1): #hexAsciiAuth#">
<br />
<br />

<!--- Basic credentials: integration key as user, hex value as password --->
<cfset asciiAuth = ToBase64("<Integration Key>:" & hexAsciiAuth)>
<cfdump var="Authorization: #asciiAuth#">

<!--- Send the request with the Authorization and Date headers --->
<cfhttp url="https://api-xxxxxxxx.duosecurity.com/auth/v2/check" method="get" result="duo.check">
<cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded"/>
<cfhttpparam type="header" name="Authorization" value="Basic #asciiAuth#"/>
<cfhttpparam type="header" name="Date" value="#date#"/>
</cfhttp>

<cfset respJson = duo.check>
<cfdump var="#respJson#" abort=true>
```

I’ve tried many different things, but can’t be sure; for this process do I need to create an ASCII String from the Signature then convert that to HMAC SHA1?

Would I convert this:

Tue, 21 Aug 2012 17:29:18 -0000
POST
api-xxxxxxxx.duosecurity.com
/accounts/v1/account/list

To this:

84 117 101 44 32 50 49 32 65 117 103 32 50 48 49 50 32 49 55 58 50 57 58 49 56 32 45 48 48 48 48 10 80 79 83 84 10 97 112 105 45 120 120 120 120 120 120 120 120 46 100 117 111 115 101 99 117 114 105 116 121 46 99 111 109 10 47 97 99 99 111 117 110 116 115 47 118 49 47 97 99 99 111 117 110 116 47 108 105 115 116

Then back to this: (HMAC SHA1 using my secret key)

0b7ef12d0334efa5f7f50ed7380b5025dd29f255

Then pass my Integration Key as my username and the HMAC SHA1 (Signature) as my password.

If so, I have tried this, but keep getting Invalid signature in request credentials.


5 Replies

mkorovesisduo
Level 4

Hey there, can you please reach out to Duo Support for assistance with your issue?

I haven’t heard back from the Support team, do you have any ideas?

I’m setting up my signature string, converting that to HMACSHA1 then converting to Hex Ascii and finally sending via Authorize Header using Integration Key:Hex(HMACSHA1 Signature).

Still getting Invalid signature in request credentials.


It looks like the support team tried to find your account based on the email you used to contact them. If you reply with your admin email address they will be able to help you out.

HenryEgal
Level 1

Is the answer to this documented? Getting Invalid signature in request credentials and I have followed steps in documentation.

@HenryEgal In the example above from June 19 it appears that the user was trying to send the request to Auth API /auth/v2/check with method GET but when constructing their request string they included POST. Make sure you are using the right method for your request.

I see you created a new post for your issue https://community.duo.com/t/invalid-signature-in-request-credentials/10310; there are plenty of ways to achieve an invalid signature so it’s hard to give anything more specific than “double-check everything” unless you provide some more details. Follow up there instead of in this old, unresolved post.

Duo, not DUO.
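The method mismatch pointed out in the reply above, as an added Python example (not code from this thread or from Duo): it signs the request string with HMAC-SHA1, builds the Basic credentials, and shows that a string signed as POST fails verification when the request goes out as GET. The function names, the local `server_accepts` stand-in for the receiving side, and the key values are constructed for illustration; the trailing line of sorted, URL-encoded parameters and the upper/lower-casing of method and host are assumptions taken from Duo's API documentation rather than from this thread.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def canonical_request(date, method, host, path, params=None):
    """Newline-joined string that gets signed: date, METHOD, host, path, params."""
    # Assumption (Duo API docs, not this thread): parameters are sorted by key
    # and URL-encoded; with no parameters the last line is empty.
    pairs = sorted((params or {}).items())
    encoded = "&".join(f"{quote(k, safe='~')}={quote(v, safe='~')}" for k, v in pairs)
    return "\n".join([date, method.upper(), host.lower(), path, encoded])

def sign(skey, date, method, host, path, params=None):
    """Hex HMAC-SHA1 of the canonical request, keyed with the secret key."""
    msg = canonical_request(date, method, host, path, params)
    return hmac.new(skey.encode(), msg.encode(), hashlib.sha1).hexdigest()

def basic_auth_header(ikey, signature):
    """HTTP Basic credentials: integration key as user, hex signature as password."""
    token = base64.b64encode(f"{ikey}:{signature}".encode()).decode()
    return f"Basic {token}"

def server_accepts(skey, auth_header, date, method, host, path, params=None):
    """Hypothetical receiving side: recompute from the request actually received."""
    decoded = base64.b64decode(auth_header.split(" ", 1)[1]).decode()
    _ikey, _, presented = decoded.partition(":")
    expected = sign(skey, date, method, host, path, params)
    return hmac.compare_digest(presented, expected)

# Constructed sample values, not real credentials.
IKEY, SKEY = "DIXXXXXXXXXXXXXXXXXX", "constructed-secret-key-for-example"
DATE = "Tue, 04 Jun 2019 07:37:56 -0500"
HOST, PATH = "api-xxxxxxxx.duosecurity.com", "/auth/v2/check"

def demo():
    # Signed as POST but sent as GET, as in the original post.
    header = basic_auth_header(IKEY, sign(SKEY, DATE, "POST", HOST, PATH))
    mismatched = server_accepts(SKEY, header, DATE, "GET", HOST, PATH)
    # Signed with the same method that goes on the wire.
    header = basic_auth_header(IKEY, sign(SKEY, DATE, "GET", HOST, PATH))
    matched = server_accepts(SKEY, header, DATE, "GET", HOST, PATH)
    return mismatched, matched

if __name__ == "__main__":
    print(demo())
```

The same check applies to the Date header: the value signed and the value sent must be the identical string.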