06-25-2024 06:37 PM
@Duo @DuoSecurity
We are trying to figure out why calling /admin/v1/integrations via the official Golang API client works, but /admin/v2/integrations does not. Unfortunately, Duo support staff are struggling to help. Does anyone have experience, or an example (in any programming language) of this working? More details below, thanks in advance.
We have the Golang API client connected to our internal API we are building, we are able to get users and integrations from v1 endpoints but we are struggling with 40103 errors when using /admin/v2/integrations endpoints.
This is a working code snippet, how do I change this to work with v2 endpoints? This is set up nearly identical to the user and group methods in the Golang API client repo Duo recommends to use.
sso - <dict: parameters for generic single sign-on> (optional)
New argument for unreleased feature. Will return an error if used.
Client will be updated again in the future when feature is released.
Solved! Go to Solution.
07-01-2024 07:54 AM - edited 07-01-2024 02:48 PM
SOLUTION: Use v5 signing when making requests. The JSONSignedCall function uses v5. Here is the pull request.
https://github.com/duosecurity/duo_api_golang/pull/48
To use v5 signatures, you need to convert their params from type url.values to JSONParams.
params := duoapi.JSONParams{} params["offset"] = "5" _, body, err := api.JSONSignedCall(http.MethodGet, "/admin/v2/integrations", params) if err != nil { println("Error") return } v2Result := &GetIntegrationsResult{} err = json.Unmarshal(body, v2Result) if err != nil { println("Error") return } fmt.Printf("%+v", *v2Result)
---
Reply to dwrice000:
You are not hijacking, I was having the exact same problem. The documentation is very lackluster and outdated, I am building some automation with their Golang Client, and I figured it out mostly.
Maybe you are not seeing the SSO integrations because you need to use v2 Admin API endpoints, not v1. In order to use v2 Admin API endpoints you need to use the v5 signing function. I know it's confusing but their authentication signing is on a different version schema. I really hate their documentation on this, it needs to be fixed.
I am using the Golang client so I don't have time to go back through the Python code but I believe I saw that there is logic to check if you are using v1 or v2 endpoints when you call the API. So I believe if you use v5 signing with v2 endpoints, you should be good.
You also need the correct permissions with the Admin API you are calling, perhaps that is why you can not see SSO params. You can change that quickly in the GUI. Also, what error codes and messages are you getting?
06-29-2024 08:45 AM
Not trying to hijack your thread but I have issues with integrations v2 as well using Python client and I'm experiencing the same poor support from Duo. The don't read the notes you put in the case. In my case, the call works but does not return correct results. I'm simply trying to list all integrations and it does not list any integrations using Duo SSO. Here's my small code sample:
import duo_client
ikey = "xxxxxx"
skey = "yyyyyy"
hostname = "api-zzzzzzz.duosecurity.com"
testadmin = duo_client.Admin(ikey=ikey, skey=skey, host=hostname)
integrations = testadmin.get_integrations()
for integration in integrations:
print(integration)
07-01-2024 07:54 AM - edited 07-01-2024 02:48 PM
SOLUTION: Use v5 signing when making requests. The JSONSignedCall function uses v5. Here is the pull request.
https://github.com/duosecurity/duo_api_golang/pull/48
To use v5 signatures, you need to convert their params from type url.values to JSONParams.
params := duoapi.JSONParams{} params["offset"] = "5" _, body, err := api.JSONSignedCall(http.MethodGet, "/admin/v2/integrations", params) if err != nil { println("Error") return } v2Result := &GetIntegrationsResult{} err = json.Unmarshal(body, v2Result) if err != nil { println("Error") return } fmt.Printf("%+v", *v2Result)
---
Reply to dwrice000:
You are not hijacking, I was having the exact same problem. The documentation is very lackluster and outdated, I am building some automation with their Golang Client, and I figured it out mostly.
Maybe you are not seeing the SSO integrations because you need to use v2 Admin API endpoints, not v1. In order to use v2 Admin API endpoints you need to use the v5 signing function. I know it's confusing but their authentication signing is on a different version schema. I really hate their documentation on this, it needs to be fixed.
I am using the Golang client so I don't have time to go back through the Python code but I believe I saw that there is logic to check if you are using v1 or v2 endpoints when you call the API. So I believe if you use v5 signing with v2 endpoints, you should be good.
You also need the correct permissions with the Admin API you are calling, perhaps that is why you can not see SSO params. You can change that quickly in the GUI. Also, what error codes and messages are you getting?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide