For the Cisco Duo authentication to work correctly through the CDAP, we need to create a traffic management rule using fightPATH. The ADC will redirect the data received into the Virtual Service to the CDAP engine for action.
1. Navigate to Library > flightPATH using the left-side navigation pane.
2. You will see the flightpath configuration panel on the right of the navigation pane. There are some predefined rules in the Details section, but for Duo, we will be creating a new and straightforward rule.
3. Click the Add New button located at the top left of the Details section.
4. A new line for adding the flightPATH detail line will be shown.
Field
Description
flightPATH Name
This field represents the name you will give the flightPATH rule, and it is referred to within drop-down menus elsewhere in the GUI.
Applied to VS
Auto populated when you apply the rule to a Virtual Service
Description
The description is a plain language description to allow you to remember what the flightPATH rule was designed for
For this exercise, we have named the flightPATH rule as LDAP-Duo
6. In this guide, we are not going to use any Conditions or Evaluations. You could, for example, configure a Condition that only allows access to the authentication form from a specific IP or subnet, or if you only want to challenge users that access a specific path such as '/secure.' More information on flightPATH can be found in the EdgeADC administrator guide.
7. Next, we will configure what will happen next in the Actions section.
Field
Description
Action
This field informs what to do what the rule condition is met. In this case, the Action is Authentication.
Target
A drop-down field and the value you select here must be the Authentication Server you created, in this case, LDAP-Duo.
