DUO MFA call via HTTP (Windows GINA client)

DUO MFA call via HTTP (Windows GINA client)

Hello ManageEngine,

We are deploying the ManageEngine GINA v5.9 client via HTTPS and it works well however our environment blocks HTTP calls to the outside world. This comes into play during the GINA DUO MFA prompt.

From the logon screen, after a user selects either Unlock or Reset, they are presented with a "please wait" iFrame screen and a count-down.
────────────────────────────────



────────────────────────────────
From a sandboxed machine that does allow HTTP to the public internet, a WireShark capture exposes the call from the GINA client to DUO is HTTP and it attempts to convert over to SSL/TLS. 

────────────────────────────────
Since the HTTP call is successful, then we get the expected result...

Is there any way to have that communication to/from DUO API initiated as HTTPS? Any fancy modifications to reg keys, javascripts (Duo-Web-v2.min.js), etc that can we make? Or is this behavior baked into the GINA client? We're kind of dead in the water here....

Please advise!

      New to ADSelfService Plus?

        Resources

                Related Products