The workflow described below shows the flow of information and subsequent authentication through the ADC and the Cisco Duo system.
1. The user initiates a connection to the target server protected by Duo via the ADC.
2. The ADC essentially acts as middleware and intercepts the user's connection request.
3. The ADC then displays a pre-authentication page to the end-user, similar to the one below, prompting the user for their Radius or LDAP credentials.
4. The ADC then sends an authentication request to the Cisco Duo Authentication Proxy (CDAP) – running in the ADC as a container application.
5. The CDAP completes pre-authentication against LDAP or Radius.
6. The CDAP establishes a secure connection to the Cisco Duo Security Service (CDSS)
7. The CDSS then requests the 2FA from the end-user through the Cisco Duo app.
8. Once the user confirms the result, the result is sent back to the CDAP, which approves the authentication.
9. The user is granted access to the target application by the ADC.