12-21-2021 02:03 PM
Hi There!
We are currently deploying Duo with our Cisco Anyconnect VPN.
I’ve followed the instructions for LDAPS deployment but I ran into a weird issue.
As soon as we add the “script” block of text to include the file “Duo-Cisco-v6.js”.
Nothing happens when we fill out the form and hit LOGIN.
Is there anything to activate to allow javascript to run?
Cisco ASA 5512 running 9.12.4 (37).
File “Duo-Cisco-v6.js” has been downloaded and installed according to the procedure.
As soon as I remove this script text block, the Clientless page works fine.
Thanks!
Solved! Go to Solution.
12-22-2021 01:07 PM
No, there isn’t.
It seems like there is an issue executing the Duo Javascript only, if AnyConnect works with 2FA and also browser SSL VPN works with the text-only experience.
I suggest you open a support case so a support engineer can review your configuration with you.
ETA: I strongly urge you to consider using Duo SSO with your ASA instead. There are benefits to using the SAML config over the LDAPS config, like support for network-based policy, showing an interactive prompt in AnyConnect, and support for the Duo Universal Prompt.
The LDAPS configuration will receive no further updates from Duo and is not in scope for Universal Prompt.
12-22-2021 08:27 AM
Typically whether Javascript runs on a page or not is up to the client browser. Is it enabled there?
Also, might be worth double-checking for these common mistakes we see with Cisco ASA LDAPS support escalations:
12-22-2021 09:00 AM
Hi Kristina, Thank you for the reply.
I’ve checked all of those points, thanks for the suggestion.
However, is not working. After hitting LOGIN the button is faded and nothing happens.
12-22-2021 09:13 AM
If you look at the ASA logging during your login attempt, do you see that primary authentication to whatever you have configured (AD? ISE?) succeeds, and after that do you see an outbound request to your Duo cloud API host?
Also, have you tried a client connection to your SSL VPN (like, using AnyConnect, where the user types in username, password, and Duo factor)? Does that work with 2FA?
12-22-2021 11:55 AM
Hi Kristina,
If I remove the script portion in the customization, I do see a third field appear and i’m able to connect with my passcode from Duo. The Duo AAA server works fine when I’m testing it.
Anyconnect works fine too. I will try to investigate the outbound request.
Thanks!
12-22-2021 12:32 PM
Is there anything to activate on the Duo Admin Panel except the applications?
12-22-2021 01:07 PM
No, there isn’t.
It seems like there is an issue executing the Duo Javascript only, if AnyConnect works with 2FA and also browser SSL VPN works with the text-only experience.
I suggest you open a support case so a support engineer can review your configuration with you.
ETA: I strongly urge you to consider using Duo SSO with your ASA instead. There are benefits to using the SAML config over the LDAPS config, like support for network-based policy, showing an interactive prompt in AnyConnect, and support for the Duo Universal Prompt.
The LDAPS configuration will receive no further updates from Duo and is not in scope for Universal Prompt.
12-22-2021 02:14 PM
Awesome thank you! I will configure it as suggested
12-22-2021 08:17 PM
Successfully configured, many thanks!
04-16-2022 02:56 AM
I have the same problem as explained, the JavaScript not working anymore.
How did you solve it, did you have to use DUO SSO?
04-19-2022 06:02 AM
Yes, we used SSO. Duo Single Sign-On for Cisco ASA with AnyConnect | Duo Security
10-23-2023 08:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide