CB UnifiedView: Missing Duo Authentication Configuration Files
search cancel

CB UnifiedView: Missing Duo Authentication Configuration Files

book

Article ID: 290504

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The files required to configure Duo authentication are missing from the /usr/share/cb/plugins/duo directory on CB UnifiedView server.

Environment

  • CB UnifiedView: All Versions
  • Duo Authentication

Cause

The directory/files to configure Duo is missing in the installation rpm.

Resolution

  1. Create the correct directory manually:           
mkdir -p /usr/share/cb/plugins/duo
  1. Copy the /usr/share/cb/plugins/duo/duo_2fa_auth_callback.py file from a CB Response server to the above directory.
  2. Manually create the /usr/share/cb/plugins/duo/secrets.ini file and add the following content:
# Secret keys for your Duo security integration. Get your ikey, skey, and host from your Duo
#  Security administrative console.

[duo]
ikey=
skey=
host=

[config]
# number of seconds a "session" should last until 2fa is required again. Default to 60
session_lifetime=500

# how to map Cb users to Duo users? Choices are "username" or "email". Default to "email"
duo_mapping=email

# create a new 2fa session for each source IP address? True or false. Default to "false"
use_ipaddr_session_key=false

# Uncomment the next section if you need a web proxy to reach the outside world

#[proxy]
#hostname=
#port=
#
## if the proxy requires authentication, put the username & password here
#username=
#password=
  1. Proceed with configuration steps described in the Integration Guide.

Additional Information

An internal ticket (tracked as EA-16076) has been created to resolve the missing duo_2fa_auth_callback.py file in the CB UnifiedView rpm.