Duo implementation without keycloak


Is there a way to implement Duo 2FA without keycloak?
Duosecurity provides ruby libraries for web application - https://github.com/duosecurity/duo_ruby.

How can I implement this with OOD?


Hey @bp85

There isn’t a way to do this natively within OOD currently due to the architecture. Delegating this to an identity provider is probably the best bet here.


@bp85 what authentication method are you using with Apache?

Hi @efranz,

currently we’re using Basic Auth with LDAP.
Does OOD support Single-Sign-On?

OnDemand works with any federated authentication option for Apache. So mod_auth_shib, mod_auth_openidc, mod_auth_cas. We are shipping 1.8 with Dex as an optional authentication solution, which is a light weight OpenID Connect IDP that is more robust than basic auth, and may support 2FA in the future.