docs: add Cisco Duo SSO provider documentation (#3306)

* docs: add Cisco Duo SSO provider documentation

Signed-off-by: Jan Larwig <jan@larwig.com>

* doc: backport to versioned docs 7.13 and fix alphabetical order of entries

Signed-off-by: Jan Larwig <jan@larwig.com>

* doc: improved clarity for the cisco duo configuration steps

Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>

docs/docs/configuration/providers/cisco_duo.md

@@ -0,0 +1,44 @@
+---
+id: cisco_duo
+title: Cisco Duo
+---
+
+Cisco Duo SSO can be configured with OAuth2 Proxy using the OIDC provider.
+
+1. Create a new **Generic OIDC Relying Party - Single Sign-On** application in the Duo Admin Portal
+2. Configure OAuth2 Proxy with the following options:
+
+```
+provider = "oidc"
+provider_display_name = "Duo SSO"
+scope = "openid email profile"
+pass_access_token = true
+code_challenge_method = "S256"
+```
+
+3. Configure Provider endpoints. Copy the following values from the corresponding fields in the Duo Admin Portal:
+
+```
+# Copy from "Client ID" field
+client_id = "XXXXXXXX"
+
+# Copy from "Client Secret" field
+client_secret = "XXXXXXXX"
+
+# Copy from "Issuer" field
+oidc_issuer_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx"
+
+# Copy from "JWKS URL" field
+oidc_jwks_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/jwks"
+
+# Copy from "Token Introspection URL" field
+validate_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token_introspection"
+
+# Copy from "UserInfo" field
+profile_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/userinfo"
+
+# Copy from "Token URL" field
+redeem_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token"
+```
+
+4. Complete Configuration by filling in any remaining required fields and save your configuration.

docs/docs/configuration/providers/index.md

@@ -11,6 +11,7 @@ Valid providers are :
 - [ADFS](adfs.md)
 - [Bitbucket](bitbucket.md)
 - [Cidaas](cidaas.md)
+- [CiscoDuo](cisco_duo.md)
 - [DigitalOcean](digitalocean.md)
 - [Facebook](facebook.md)
 - [Gitea](gitea.md)

docs/sidebars.js

@@ -34,6 +34,8 @@ const sidebars = {
             "configuration/providers/adfs",
             "configuration/providers/azure",
             "configuration/providers/bitbucket",
+            "configuration/providers/cidaas",
+            "configuration/providers/cisco_duo",
             "configuration/providers/digitalocean",
             "configuration/providers/facebook",
             "configuration/providers/gitea",

docs/versioned_docs/version-7.13.x/configuration/providers/cisco_duo.md

@@ -0,0 +1,44 @@
+---
+id: cisco_duo
+title: Cisco Duo
+---
+
+Cisco Duo SSO can be configured with OAuth2 Proxy using the OIDC provider.
+
+1. Create a new **Generic OIDC Relying Party - Single Sign-On** application in the Duo Admin Portal
+2. Configure OAuth2 Proxy with the following options:
+
+```
+provider = "oidc"
+provider_display_name = "Duo SSO"
+scope = "openid email profile"
+pass_access_token = true
+code_challenge_method = "S256"
+```
+
+3. Configure Provider endpoints. Copy the following values from the corresponding fields in the Duo Admin Portal:
+
+```
+# Copy from "Client ID" field
+client_id = "XXXXXXXX"
+
+# Copy from "Client Secret" field
+client_secret = "XXXXXXXX"
+
+# Copy from "Issuer" field
+oidc_issuer_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx"
+
+# Copy from "JWKS URL" field
+oidc_jwks_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/jwks"
+
+# Copy from "Token Introspection URL" field
+validate_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token_introspection"
+
+# Copy from "UserInfo" field
+profile_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/userinfo"
+
+# Copy from "Token URL" field
+redeem_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token"
+```
+
+4. Complete Configuration by filling in any remaining required fields and save your configuration.

docs/versioned_docs/version-7.13.x/configuration/providers/index.md

@@ -11,6 +11,7 @@ Valid providers are :
 - [ADFS](adfs.md)
 - [Bitbucket](bitbucket.md)
 - [Cidaas](cidaas.md)
+- [CiscoDuo](cisco_duo.md)
 - [DigitalOcean](digitalocean.md)
 - [Facebook](facebook.md)
 - [Gitea](gitea.md)

docs/versioned_sidebars/version-7.13.x-sidebars.json

@@ -34,6 +34,8 @@
             "configuration/providers/adfs",
             "configuration/providers/azure",
             "configuration/providers/bitbucket",
+            "configuration/providers/cidaas",
+            "configuration/providers/cisco_duo",
             "configuration/providers/digitalocean",
             "configuration/providers/facebook",
             "configuration/providers/gitea",