I have been using DUO.com with a few projects now including Guacamole and VMware Horizon. The service works fast and always as expected. I enter my user name and password and get a push to my phone or smart watch. I can then accept or deny the login from my smart watch of phone with the push of either accept or deny button. I would love to see something like this for Hassio.
Iām going to take a look at implementing this. If anyone else has started this or wants to please let me know.
2 Likes
Progress update:
Iām new to developing for HA but Iāve worked out I need to create an MFA component. Iāve copied the insecure example as well as test editing the totp module.
Iām currently stuck as I need to insert an iframe into the polymer-dialog. It looks like the front end may not allow this or Iāve got to wrap the HTML code in the correct tags for the front end to understand itās html. Currently itās been displayed as .
Lots more to understand about how the frontend works and more source code to read before saying itās not possible though.
1 Like
Are you still working on this @JumpMaster? Iād like to use Duo as well and wouldnāt mind seeing if I can help. Not sure if you have a git repo up with the code currently or not
1 Like
Iāve made a couple of PRs now and learned a lot more about this process. Iāve also looked into how the MFA code works and it currently isnāt compatible with Duo. The MFA system takes a description (e.g. please enter your google auth code) and a field (e.g. a field for 6 numbers).
This isnāt compatible with Duo which would require an iFrame along with a few other fields. To implement this would require a lot of code changes to the front end and probably an issue raised within the architecture repo.
Iāve had an issue open for 12 days which hasnāt had an update. This is holding up two PRs Iāve raised but as they edit a base object it has to be agreed via the architecture repo.
I think the first step should be to raise the issue in architecture. At least find out if the team are interested in Duo support. If there not interested it wonāt get there time. Theyāre all extremely busy and know what they want to achieve. If weāre going to take their to look at something else it has to interest them.
Iām happy to help and would like Duo support but Iām not sure itās the most important thing to add to HA at the current time.
Thereās a pretty nice PR which seems stalled adding web auth as an MFA.
Thanks for getting back, Iāll see if I can find the issue you raised and add my support. Seeing as how this project is for home automation and for it to be practical you need to expose your internal network externally, I think supporting more MFA platforms should be on the bucket list. I know theyāre busy so if thereās anything we can do to get some more support around this and also help them achieve the goal once they roadmap the request, Iām more than happy to dig in and learn/help any way that I can.
What might be more interesting / beneficial would be to have a 2fa system which uses the official mobile apps. So upon signing in you can either use Google Auth or confirm the prompt within the mobile app. In the same way Duo does.
This would require an addition to the mobile api and an app (for testing) and eventually to the mobile app.
But again does this add anything important to HA? It would be slightly more convenient to be able to click a prompt but opening Google Authenticator or Auth when logging in isnāt hard. I assume everyone selects āRemember meā on their devices so logging in is not a frequent task.
Would love to see Duo for Home Assistant
I would love to see this too.
Push! Me too!