Cisco Duo Proxy
An Edgenexus App User Guide

Configuring the ADC for Duo with LDAP Authentication

The following steps configure the ADC so that users can authenticate using LDAP and Cisco Duo. This guide assumes that you are familiar with the ADC and its configuration methods and features.
1. Proceed to Library > Authentication using the navigation panel of the ADC.
2. You will now see the Authentication Servers section on the right panel.
3. Click Add Server.
4. A new line will appear, showing some fields that you will need to fill in. An example of the filled-in fields is shown below.

| Field Name | Example and description |
|---|---|
| Name | The name can be any alphanumeric value, but for ease of understanding, let's use LDAP-Duo |
| Description | Optional, this value describes this entry |
| Authentication | Select LDAP from the drop-down |
| Domain | The value here should be your LDAP domain |
| Server | The value you provide here should be the same as the name you gave your Cisco Duo Authentication Proxy – this is important. |
| Port | 389 is the standard port used |
| Search | Optional and can be left blank |
| Search Base | Enter the search Base DN |
| Login format | Select 'Username and Password' from the drop-down |
| Passphrase | Optional |
| Dead Time | Optional |

The next step is to create an authentication rule to handle the requests for Duo authentication. See the example below. Fill in the fields as explained in the table below the image.

| Field Name | Explanation |
|---|---|
| Name | Add a suitable name for the rule – it could be something like LDAP-Duo-Rule. |
| Description | Optional, this is the description for the rule. |
| Root Domain | Optional, unless you wish to use single-sign-on across sub-domains. |
| Authentication Server | A drop-down field – select the name of the Authentication Server you created in the previous steps. |
| Client Authentication | A drop-down field – select Forms |
| Server Authentication | A drop-down field – select None |
| Form | A drop-down field – select Default |
| Message | We will use the value to display a message on the form shown to the user. An example may be "LDAP-Duo 2FA." |
| Timeout | The value is specified in seconds, after which the user will need to authenticate again. |
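
To confirm that the Server and Port values entered for the Authentication Server reach a listener that answers LDAP binds, the check below can be run from a management host. It is an added example, not part of the Edgenexus guide or of Cisco Duo's code, and it assumes the ADC issues a standard LDAPv3 simple bind; the function names and the host name in the usage comment are illustrative. Building the request by hand also shows that on port 389 the password travels as plain bytes inside the bind.

```python
import socket

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def bind_request(name: str, password: str, msg_id: int = 1) -> bytes:
    """LDAPv3 simple BindRequest (RFC 4511 section 4.2); msg_id must be 1..127."""
    op = tlv(0x60,                              # [APPLICATION 0] BindRequest
             tlv(0x02, b"\x03")                 # protocol version 3
             + tlv(0x04, name.encode())         # bind name (user or DN)
             + tlv(0x80, password.encode()))    # [0] simple: password, not encrypted
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated LDAP message")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[pos:pos + n], pos + n

def bind_result(response: bytes) -> int:
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    tag, body, _ = read_tlv(response)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)                  # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:                             # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    return int.from_bytes(read_tlv(op)[1], "big")   # first field is resultCode

def check_bind(server, name, password, port=389, timeout=60.0):
    """Send one bind to the configured Server/Port and return the result code."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(bind_request(name, password))
        return bind_result(s.recv(4096))

# Example (constructed values): check_bind("duo-proxy.example.internal", "jdoe", "...")
```

A return value of 0 means the bind was accepted; any other value is the LDAP result code returned by the listener.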