|
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
#
# Version 1.0, latest version, documentation and bugtracker available at:
# https://gitlab.lindenaar.net/scripts/duo
#
# Copyright (c) 2019 Frederik Lindenaar
#
# This file is free software: you can redistribute and/or modify it under the
# terms of version 3 of the GNU General Public License as published by the Free
# Software Foundation, or (at your option) any later version of the license.
#
# This script is distributed in the hope that it will be useful but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
#
# To use this file with duo_api.py, rename it to duo_api.conf and update it for
# your DUO environment. For documentation, please run: pydoc duo_api
# The API section should reflect the DUO '3rd party API' Application to be used
[API]
host=api-XXXXXXXX.duosecurity.com
ikey=XXXXXXXXXXXXXXXXXXXX
skey=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
path=/auth/v2/
# The remainder of this file defines each DUO API request to be issued in a
# separate section. Multiple sections can be configured for the same request by
# appending a suffix starting with an underscore ('_').
# See https://duo.com/docs/authapi and https://duo.com/docs/adminapi for the
# available endpoints, parameters and responses.
# Example for a fixed-value 'auth' request for DUO authorization
[auth]
username=username
factor=push
device=auto
type=Network Access
display_username=Test User
# pushinfo must be URL encoded, see also https://duo.com/docs/authapi#/auth
pushinfo=explanation=Text+section(s)+shown+to+the+user&mode=TEST
# Example for a dynamic 'auth' request for DUO authorization, %(..)s instances
# are replaced by the code for values passed at runtime, this allows configuring
# the request in the config and only passing the dynamic values at runtime
[auth_dynamic]
username=%(login)s
factor=push
device=auto
type=%(banner)s
display_username=%(name)s
|