You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Kris Germann <kg...@portal.net.co> on 2017/03/13 15:27:08 UTC
Duo 2FA - Guacamole 9.11
I'm wondering how to accomplish this, I have the following in my guacamole.preferences:
#MySQL Info
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: xxxxxxxxxxxx
#Duo Security API Info
duo-api-hostname: api-hostname.duosecurity.com
duo-integration-key: xxxxxxxxxxxxxxxxxxxx
duo-secret-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
duo-application-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
However, when I log in I get the following in the logs:
14:54:09.658 [http-nio-8080-exec-2] INFO o.a.g.r.auth.AuthenticationService - User "kgermann" successfully authenticated from 50.100.78.133.
However, I am greeted with:
Any help would be appreciated :)
Kris
Re: Duo 2FA - Guacamole 9.11
Posted by Mike Jumper <mi...@guac-dev.org>.
On Mon, Mar 13, 2017 at 1:02 PM, Kris Germann <kg...@portal.net.co>
wrote:
> I have, however, it seems I tried initially with the free version of Duo
> which did not include the Auth API application - once I upgraded and
> generated a new token for the Auth API (previously I was using “UNIX
> Application”) it worked.
>
>
By the way, though it will indeed work, "Auth API" turns out to be
incorrect:
https://issues.apache.org/jira/browse/GUACAMOLE-219
Some time after Guacamole's initial support for Duo went out, Duo moved
"Auth API" to the non-free version. As far as Guacamole is concerned, this
doesn't matter because we should have listed "Web SDK" in the first place,
but there is no need to upgrade things just to use Duo with Guacamole.
There was a recent discussion here which lead to the above:
http://mail-archives.apache.org/mod_mbox/incubator-guacamole-user/201702.mbox/%3CCADftKDVyf1t615Km08D6pVyNiS_iRntmCfutPpg-Re0DJin83g%40mail.gmail.com%3E
- Mike
Re: Duo 2FA - Guacamole 9.11
Posted by Kris Germann <kg...@portal.net.co>.
I have, however, it seems I tried initially with the free version of Duo which did not include the Auth API application - once I upgraded and generated a new token for the Auth API (previously I was using “UNIX Application”) it worked.
Case closed!
- Kris
<https://www.instagram.com/PortalNetworkCo/>
> On Mar 13, 2017, at 4:01 PM, Mike Jumper <mi...@guac-dev.org> wrote:
>
> On Mon, Mar 13, 2017 at 8:27 AM, Kris Germann <kgermann@portal.net.co <ma...@portal.net.co>> wrote:
> I'm wondering how to accomplish this, I have the following in my guacamole.preferences:
>
> #MySQL Info
> mysql-hostname: localhost
> mysql-port: 3306
> mysql-database: guacamole_db
> mysql-username: guacamole_user
> mysql-password: xxxxxxxxxxxx
>
> #Duo Security API Info
> duo-api-hostname: api-hostname.duosecurity.com <http://api-hostname.duosecurity.com/>
> duo-integration-key: xxxxxxxxxxxxxxxxxxxx
> duo-secret-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> duo-application-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> However, when I log in I get the following in the logs:
>
> 14:54:09.658 [http-nio-8080-exec-2] INFO o.a.g.r.auth.AuthenticationService - User "kgermann" successfully authenticated from 50.100.78.133.
>
> However, I am greeted with:
>
> <Screen Shot 2017-03-12 at 2.42.38 PM.png>
>
> Any help would be appreciated :)
>
>
>
>
> Have you verified that the integration key, secret key, and API hostname are exactly as listed by Duo in the application's "Details" section?
>
> - Mike
Re: Duo 2FA - Guacamole 9.11
Posted by Mike Jumper <mi...@guac-dev.org>.
On Mon, Mar 13, 2017 at 8:27 AM, Kris Germann <kg...@portal.net.co>
wrote:
> I'm wondering how to accomplish this, I have the following in my
> guacamole.preferences:
>
> #MySQL Info
> mysql-hostname: localhost
> mysql-port: 3306
> mysql-database: guacamole_db
> mysql-username: guacamole_user
> mysql-password: xxxxxxxxxxxx
>
> #Duo Security API Info
> duo-api-hostname: api-hostname.duosecurity.com
> duo-integration-key: xxxxxxxxxxxxxxxxxxxx
> duo-secret-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> duo-application-key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> However, when I log in I get the following in the logs:
>
> 14:54:09.658 [http-nio-8080-exec-2] INFO o.a.g.r.auth.AuthenticationService
> - User "kgermann" successfully authenticated from 50.100.78.133.
>
> However, I am greeted with:
>
>
> Any help would be appreciated :)
>
>
>
Have you verified that the integration key, secret key, and API hostname
are exactly as listed by Duo in the application's "Details" section?
- Mike