From a8e208430e728784b4b7f44d140d7b66b5b26167 Mon Sep 17 00:00:00 2001
From: Shriya Kamat Tarcar <73349138+shri3016@users.noreply.github.com>
Date: Thu, 15 Jan 2026 02:47:15 +0530
Subject: [PATCH] docs: add Cisco Duo SSO provider documentation (#3306)
* docs: add Cisco Duo SSO provider documentation
Signed-off-by: Jan Larwig
* doc: backport to versioned docs 7.13 and fix alphabetical order of entries
Signed-off-by: Jan Larwig
* doc: improved clarity for the cisco duo configuration steps
Signed-off-by: Jan Larwig
---------
Signed-off-by: Jan Larwig
Co-authored-by: Jan Larwig
---
 .../docs/configuration/providers/cisco_duo.md | 44 +++++++++++++++++++
 docs/docs/configuration/providers/index.md | 1 +
 docs/sidebars.js | 2 +
 .../configuration/providers/cisco_duo.md | 44 +++++++++++++++++++
 .../configuration/providers/index.md | 1 +
 .../version-7.13.x-sidebars.json | 2 +
 6 files changed, 94 insertions(+)
 create mode 100644 docs/docs/configuration/providers/cisco_duo.md
 create mode 100644 docs/versioned_docs/version-7.13.x/configuration/providers/cisco_duo.md
diff --git a/docs/docs/configuration/providers/cisco_duo.md b/docs/docs/configuration/providers/cisco_duo.md
new file mode 100644
index 00000000..a92eccdb
--- /dev/null
+++ b/docs/docs/configuration/providers/cisco_duo.md
@@ -0,0 +1,44 @@
+---
+id: cisco_duo
+title: Cisco Duo
+---
+
+Cisco Duo SSO can be configured with OAuth2 Proxy using the OIDC provider.
+
+1. Create a new **Generic OIDC Relying Party - Single Sign-On** application in the Duo Admin Portal
+2. Configure OAuth2 Proxy with the following options:
+
+```
+provider = "oidc"
+provider_display_name = "Duo SSO"
+scope = "openid email profile"
+pass_access_token = true
+code_challenge_method = "S256"
+```
+
+3. Configure Provider endpoints. Copy the following values from the corresponding fields in the Duo Admin Portal:
+
+```
+# Copy from "Client ID" field
+client_id = "XXXXXXXX"
+
+# Copy from "Client Secret" field
+client_secret = "XXXXXXXX"
+
+# Copy from "Issuer" field
+oidc_issuer_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx"
+
+# Copy from "JWKS URL" field
+oidc_jwks_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/jwks"
+
+# Copy from "Token Introspection URL" field
+validate_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token_introspection"
+
+# Copy from "UserInfo" field
+profile_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/userinfo"
+
+# Copy from "Token URL" field
+redeem_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token"
+```
+
+4. Complete Configuration by filling in any remaining required fields and save your configuration.
diff --git a/docs/docs/configuration/providers/index.md b/docs/docs/configuration/providers/index.md
index 3d3938ff..6f333e5a 100644
--- a/docs/docs/configuration/providers/index.md
+++ b/docs/docs/configuration/providers/index.md
@@ -11,6 +11,7 @@ Valid providers are :
 - [ADFS](adfs.md)
 - [Bitbucket](bitbucket.md)
 - [Cidaas](cidaas.md)
+- [CiscoDuo](cisco_duo.md)
 - [DigitalOcean](digitalocean.md)
 - [Facebook](facebook.md)
 - [Gitea](gitea.md)
diff --git a/docs/sidebars.js b/docs/sidebars.js
index 0a1bf0b4..7af8cf47 100644
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@@ -34,6 +34,8 @@ const sidebars = {
 "configuration/providers/adfs",
 "configuration/providers/azure",
 "configuration/providers/bitbucket",
+ "configuration/providers/cidaas",
+ "configuration/providers/cisco_duo",
 "configuration/providers/digitalocean",
 "configuration/providers/facebook",
 "configuration/providers/gitea",
diff --git a/docs/versioned_docs/version-7.13.x/configuration/providers/cisco_duo.md b/docs/versioned_docs/version-7.13.x/configuration/providers/cisco_duo.md
new file mode 100644
index 00000000..a92eccdb
--- /dev/null
+++ b/docs/versioned_docs/version-7.13.x/configuration/providers/cisco_duo.md
@@ -0,0 +1,44 @@
+---
+id: cisco_duo
+title: Cisco Duo
+---
+
+Cisco Duo SSO can be configured with OAuth2 Proxy using the OIDC provider.
+
+1. Create a new **Generic OIDC Relying Party - Single Sign-On** application in the Duo Admin Portal
+2. Configure OAuth2 Proxy with the following options:
+
+```
+provider = "oidc"
+provider_display_name = "Duo SSO"
+scope = "openid email profile"
+pass_access_token = true
+code_challenge_method = "S256"
+```
+
+3. Configure Provider endpoints. Copy the following values from the corresponding fields in the Duo Admin Portal:
+
+```
+# Copy from "Client ID" field
+client_id = "XXXXXXXX"
+
+# Copy from "Client Secret" field
+client_secret = "XXXXXXXX"
+
+# Copy from "Issuer" field
+oidc_issuer_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx"
+
+# Copy from "JWKS URL" field
+oidc_jwks_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/jwks"
+
+# Copy from "Token Introspection URL" field
+validate_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token_introspection"
+
+# Copy from "UserInfo" field
+profile_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/userinfo"
+
+# Copy from "Token URL" field
+redeem_url = "https://sso-xxxxxxxx.sso.duosecurity.com/oidc/xxxxxxxx/token"
+```
+
+4. Complete Configuration by filling in any remaining required fields and save your configuration.
diff --git a/docs/versioned_docs/version-7.13.x/configuration/providers/index.md b/docs/versioned_docs/version-7.13.x/configuration/providers/index.md
index 3d3938ff..6f333e5a 100644
--- a/docs/versioned_docs/version-7.13.x/configuration/providers/index.md
+++ b/docs/versioned_docs/version-7.13.x/configuration/providers/index.md
@@ -11,6 +11,7 @@ Valid providers are :
 - [ADFS](adfs.md)
 - [Bitbucket](bitbucket.md)
 - [Cidaas](cidaas.md)
+- [CiscoDuo](cisco_duo.md)
 - [DigitalOcean](digitalocean.md)
 - [Facebook](facebook.md)
 - [Gitea](gitea.md)
diff --git a/docs/versioned_sidebars/version-7.13.x-sidebars.json b/docs/versioned_sidebars/version-7.13.x-sidebars.json
index 3f5eb854..debf4491 100644
--- a/docs/versioned_sidebars/version-7.13.x-sidebars.json
+++ b/docs/versioned_sidebars/version-7.13.x-sidebars.json
@@ -34,6 +34,8 @@
 "configuration/providers/adfs",
 "configuration/providers/azure",
 "configuration/providers/bitbucket",
+ "configuration/providers/cidaas",
+ "configuration/providers/cisco_duo",
 "configuration/providers/digitalocean",
 "configuration/providers/facebook",
 "configuration/providers/gitea",