A simple Python3 web application that serves a logon page integrated with Duo 2FA.
Change to the "demo" directory
cd demo
Set up a virtual environment
python3 -m venv env
source env/bin/activate
Install the demo requirements:
pip3 install -r requirements.txt
Then, create a Web SDK application in the Duo Admin Panel. See https://duo.com/docs/protecting-applications for more details.
- Copy the Client ID, Client Secret, and API Hostname values for your
Web SDKapplication into theduo.conffile. - Start the app.
python3 app.py - Navigate to http://localhost:8080.
- Log in with the user you would like to enroll in Duo or with an already enrolled user (any password will work).
The default demo app configuration only allows connections from localhost; other devices on the network cannot access it.
To allow connections from other devices (e.g. to test the login experience from a mobile device):
- Edit the
redirect_urifield induo.confto be a network-accessible hostname of the machine running the demo app.- Due to API-enforced restrictions, this must be a host/domain name, not IP address.
- The URI must be https.
- Example
redirect_uriusing the computer's hostname:https://john-11234.local:8080/duo-callback - Alternatively, a third party services such as nip.io can be used for resolving domain names to internal IP addresses.
- Start the demo app by running the following command within the
/demodirectory:flask run --host=0.0.0.0 --port 8080 --cert=adhoc--host=0.0.0.0allows connections from external devices.--cert=adhocwill serve content over HTTPS using a self-signed certificate. (You will likely be required to accept certificate warnings in the client browser.)
- On the client device, access the demo app using the same host/domain name as the redirect URL.
- E.g.
https://john-11234.local:8080
- E.g.