forked from tweakier/duo_auth
-
Notifications
You must be signed in to change notification settings - Fork 4
/
duo_auth.conf
52 lines (38 loc) · 2.2 KB
/
duo_auth.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
;This is a configuration 'ini' file
;Comments start with ';', as in php.ini
;Duo integration and local bypass config
[duo_config]
;Duo Web SDK application Client ID
client_id = "insert here your value from DUO SDK APP"
;Duo Web SDK application Client secret
client_secret = "insert here your value from DUO SDK APP"
;Duo Web SDK application API hostname
api_hostname = "insert here your value from DUO SDK APP"
;Redirect URI which Duo will use to redirect back to your application after authentication
redirect_uri = "https://your_host_domain/your_page_name_redirect.php"
;HTTP proxy
http_proxy = ""
;A call to health_check() determines if Duo’s servers are accessible and available to accept the 2FA request.
;If Duo’s servers are inaccessible for any reason (e.g. networking issues, services outage), this method raises an error,
;and your application can decide how to proceed (i.e. to "Fail Open" and allow the login without completing Duo authentication,
;or to "Fail Closed" and prohibit the login completely).
failmode = "closed"
[rc_path]
;you must indicate URI web-server path without FQDN to your web folder RC installation, for example - rc_path = "/" if web-folder is root, or rc_path = "/rc/" if your installation sub-web-folder, virtual folder or alias.
rc_path = "/"
[bypass_username]
;username[] value must be same identical username value in username field in login page form depends on your deployment scenario and your own IMAP mail system configuration
;for example, if you use choose domain on login page form from list and merge username and domain by Roundcube param config
;your username would be contein only username without @domain suffix or your own IMAP mail system support login without fully @domain suffix
;simple copy-paste username[] = "" for add new value and uncomment string - delete ';'
;username[] = "user01.test"
;username[] = "[email protected]"
;username[] = "[email protected]"
;username[] = "user01"
[bypass_ipaddr]
;unicast ipv4 address and any subnet prefix/suffix bypass
;simple copy-paste ipaddr[] = "" for add new value and uncomment string - delete ';'
;ipaddr[] = "192.168.100.100"
;ipaddr[] = "192.168.100.100/32"
;ipaddr[] = "192.168.0.0/24"
;ipaddr[] = "192.168.0.0/28"