cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
193
Views
0
Helpful
1
Replies

Cisco Duo + WSA (secure web appliance) Dashboard login with LDAP

 

Team,

Has anyone tried or successfully implemented DUO MFA protection for the Cisco WSA dashboard login using LDAP?

Since there is no native integration between DUO and WSA, and no official documentation is available, I attempted to use the generic LDAP Proxy application from DUO. I configured the AuthProxy as an LDAP server in WSA, but unfortunately, authentication is not working — it keeps showing "invalid credentials."

Interestingly, when we added the AuthProxy in WSA and tested connectivity and queries using the test option, it was successful. However, actual dashboard login attempts are failing.

Any expert suggestions or insights would be greatly appreciated.

Regards,
Ramesh

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

These Duo KB articles might help you troubleshoot:

https://help.duo.com/s/article/1126

https://help.duo.com/s/article/2953

For LDAP setups in particular: The Duo proxy's default assumption is that the authenticating device/application will connect, bind as the service account and do the lookup, then bind as the end-user in the same connection.

Some devices/applications will open a new connection for every bind, which needs a config adjustment in authproxy.cfg. If you see that happening in your authproxy.log, take a look at https://help.duo.com/s/article/4989.

Duo, not DUO.
Quick Links