Posted to issues@guacamole.apache.org by "Nicolas Baudrand (Jira)" <ji...@apache.org> on 2021/04/24 15:50:00 UTC

[jira] [Created] (GUACAMOLE-1333) Force second auth

Nicolas Baudrand created GUACAMOLE-1333:
-------------------------------------------

             Summary: Force second auth
                 Key: GUACAMOLE-1333
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1333
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap, guacamole-auth-radius
    Affects Versions: 1.3.0
            Reporter: Nicolas Baudrand


Hi!

We're using Guacamole LDAP auth and then mapping the returned groups to existing MySQL groups to assign profiles.

Now, we want to ask our central server, which is reachable by RADIUS, for TOTP.

So, I have enabled auth-jdbc, auth-ldap and auth-radius.

With username+pass (LDAP), I get access to my AD group profile.

With username+otp or username+pass+otp (RADIUS), I have an empty profile because no groups are returned by RADIUS.

Is it possible to force a second auth after LDAP (returning GuacamoleInsufficientCredentialsException) so that we can ask for OTP after LDAP?

Guacamole TOTP is great but not centralized, and I don't want to ask my users to register a new token for each application.

Thanks a lot for this great product

--
This message was sent by Atlassian Jira
(v8.3.4#803005)