Hi there,
You can see the authentication POST requests to Duo during authentication by enabling debug logging on your Duo Authentication Proxy server.
This typically includes:
- username
- Duo factor selected
- client IP address if available
The request signature is generated using your Duo application’s secret key as the HMAC key.
No user password or shared secret information, or the unhashed SKEY is sent to Duo’s service.