Hello,
I have just installed Splunk on my VPS. Being internet facing I wanted 2factor auth, the only program I could see was Duo Security. I have installed their module from GitHub, and followed the install instructions as directed. However, once I enter the credentials it is forwarded on to another page showing 'Invalid Integration'
So my question is if anybody else is using the integration? and also if anybody is using with Splunk 6? could really use some help to get it fixed please.
I am using CentOS 6.5
Cheers
This should help you. Duo currently broken for anything > 6.2, here is a fix..
https://answers.splunk.com/answers/318889/duo-security-broken-in-splunk-63.html
I was using duo 2-F on my splunkweb on 5.1.3 and it worked fine. But after I upgraded to 6.1.4 (which wiped-out the duo code) and installed the latest duo code following these directions https://www.duosecurity.com/docs/splunk it broke splunkweb. Actually, more correctly, it worked the first time I logged on then after that quit working. I'm not using it now.
It works great on the 6.5 release and up, and is built into Splunk now. Go to settings, How to set it up here: https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureDuo