You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Christian Tardif <ch...@servinfo.ca> on 2020/04/23 04:13:04 UTC
Re[2]: Duo authentication issue
The server where it resides right now (it's on a Kubernetes cluster) is about 1 minute 15 seconds ahead of the UTC right now. Is it too far from the "official" time?
- Christian
------ Message d'origine ------
De: "Mike Jumper" <mj...@apache.org>>
À: "user@guacamole.apache.org<ma...@guacamole.apache.org>" <us...@guacamole.apache.org>>
Envoyé : 2020-04-22 23:22:14
Objet : Re: Duo authentication issue
On Wed, Apr 22, 2020, 20:05 Christian Tardif <ch...@servinfo.ca>> wrote:
Hi,
I'm using Guacamole 1.1.0 and I no longer can authenticate through Duo. I have set the debug level to try to figure out what's happening, and here's what I found:
02:52:44.270 [http-nio-8080-exec-6] DEBUG o.a.g.auth.duo.api.DuoService - Duo response contained expired cookie(s).
02:52:44.270 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "duo" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: duo" within your guacamole.properties.
Where should I look to solve this "expired cookie" in Duo response?
Is your server's system clock out of sync?
- Mike
Re[3]: Duo authentication issue
Posted by Christian Tardif <ch...@servinfo.ca>.
Just adjusted the time on the kubernetes node, and it does make a difference... tought that the cookie was good for 300 seconds, as per the code. Apparently, it is shorter than that.
Thanks for the tip !
- Christian
________________________________
Christian Tardif
christian.tardif@servinfo.ca<ma...@servinfo.ca>
SVP, pensez à l’environnement avant d’imprimer ce message.
------ Message d'origine ------
De: "Christian Tardif" <ch...@servinfo.ca>>
À: "user@guacamole.apache.org<ma...@guacamole.apache.org>" <us...@guacamole.apache.org>>
Envoyé : 2020-04-23 00:13:04
Objet : Re[2]: Duo authentication issue
The server where it resides right now (it's on a Kubernetes cluster) is about 1 minute 15 seconds ahead of the UTC right now. Is it too far from the "official" time?
- Christian
------ Message d'origine ------
De: "Mike Jumper" <mj...@apache.org>>
À: "user@guacamole.apache.org<ma...@guacamole.apache.org>" <us...@guacamole.apache.org>>
Envoyé : 2020-04-22 23:22:14
Objet : Re: Duo authentication issue
On Wed, Apr 22, 2020, 20:05 Christian Tardif <ch...@servinfo.ca>> wrote:
Hi,
I'm using Guacamole 1.1.0 and I no longer can authenticate through Duo. I have set the debug level to try to figure out what's happening, and here's what I found:
02:52:44.270 [http-nio-8080-exec-6] DEBUG o.a.g.auth.duo.api.DuoService - Duo response contained expired cookie(s).
02:52:44.270 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "duo" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: duo" within your guacamole.properties.
Where should I look to solve this "expired cookie" in Duo response?
Is your server's system clock out of sync?
- Mike