Nuxeo Server

Nuxeo DuoWeb Two-Factor Authentication

Updated: March 18, 2024

The Nuxeo addon nuxeo-duoweb-authentication is an integration of DuoWeb access in Nuxeo login plugin and provides two-factor authentication through the Nuxeo login page.

This plugin is available for Nuxeo Platform 5.8 and above.

Configuration

Please refer to this README to configure and activate the addon on your Nuxeo instance.

The two factors authentication is executing the following steps:

  1. Login with your Nuxeo credentials.
  2. Bind/Use your Duo application to check identity through your mobile phone.
  3. Confirm identity authorization with your mobile phone.

Login Plugin Configuration

You must subscribe to DuoWeb services and follow DuoWeb documentation to create all DuoWeb Keys.

After installing the plugin, make sure before starting to include your DuoWeb Keys (provided by DuoWeb) in the following configuration file NUXEO_HOME/templates/duoweb-authentication/config/duo-authentication-config.xml:

<component name="org.nuxeo.duo.factors.login.contrib">

<require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>

<documentation>
  This authentication plugin processes DuoWeb Two Factors Authentication
</documentation>

<extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="authenticators">
  <authenticationPlugin name="DUO_TWO_FACTORS_AUTH"
                        enabled="true"
                        class="org.nuxeo.duoweb.factors.DuoFactorsAuthenticator">
    <loginModulePlugin>Trusting_LM</loginModulePlugin>
    <parameters>
      <parameter name="IKEY">YOUR_INTEGRATION_KEY</parameter>
      <parameter name="SKEY">YOUR_SECRET_KEY</parameter>
      <parameter name="AKEY">YOUR_APPLICATION_KEY</parameter>
      <parameter name="HOST">YOUR_API_HOSTNAME</parameter>
    </parameters>
  </authenticationPlugin>
</extension>

<extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="chain">
  <authenticationChain>
    <plugins>
      <plugin>DUO_TWO_FACTORS_AUTH</plugin>
    </plugins>
  </authenticationChain>
</extension>

<extension point="openUrl" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
  <openUrl name="duoFactorsPattern">
    <grantPattern>/nuxeo/duofactors.jsp</grantPattern>
  </openUrl>
</extension>

</component>

The YOUR_APPLICATION_KEY can be generated as followed in DuoWeb documentation