Posted to issues@guacamole.apache.org by "Hugo CAMPION (Jira)" <ji...@apache.org> on 2020/12/08 19:38:00 UTC

[jira] [Created] (GUACAMOLE-1234) TOTP not working as expected

Hugo CAMPION created GUACAMOLE-1234:
---------------------------------------

             Summary: TOTP not working as expected
                 Key: GUACAMOLE-1234
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1234
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole-auth-totp
    Affects Versions: 1.2.0
         Environment: Debian 10.7
Tomcat 8
Tried browsers: Chrome, Firefox and Midori, all on Linux Debian 10
            Reporter: Hugo CAMPION


Hi,

Maybe it is my fault, but I tried the following:

We have LDAP auth to Windows AD => this is working

We have MySQL too, to manage user permissions in Guacamole => this is working

I tried to add TOTP, so I did this:

 * Download guacamole-auth-totp-1.2.0.jar in /etc/guacamole/extensions/.
 * Edit config to add mysql-auto-create-accounts: true
 * Edit my test user permissions to add the ability to modify its own password
 * Edit config to add TOTP issuer and SHA1 mode
 * Restart tomcat8
 * Install Google Authenticator on my iPhone

My problem is: I get the enrollment page and the QR code is displayed. If I scan the QR code with my phone, it adds the TOTP source to my app correctly. But I can't log in; I get "Verification failed. Please try again." every time.

Nothing special in the catalina.out log; it says user xxx successfully authenticated?!

I tried to manually enter the secret vs. scanning the QR code, same problem...

Tried to clear the cache, use incognito mode... same...

Tried to edit the database:

MariaDB [guacamole_db]> select * from guacamole_user_attribute;
+---------+-------------------------+----------------------------------+
| user_id | attribute_name          | attribute_value                  |
+---------+-------------------------+----------------------------------+
|       4 | guac-totp-key-confirmed | false                            |
|       4 | guac-totp-key-secret    | UMV5CJLYYFOU4X6NWN63MYRA7RLMVWHZ |
|      10 | guac-totp-key-confirmed | true                             |
|      10 | guac-totp-key-secret    | SYVSRN4OTRTNZOWKWYR7QVCIRSWLWASF |
|      11 | guac-totp-key-confirmed | false                            |
|      11 | guac-totp-key-secret    | AZN2L5FCEY46EALDZWDJDGTPOZM2HFF4 |
+---------+-------------------------+----------------------------------+

It says "true" for the test user, so I assume the enrollment is working, right?

I tried to set it back to false, enrollment showed up again, but same result at the end...

I also tried to edit my test user and give him all the permissions with no luck!

This is why I'm posting here now...

Sorry, English is not my first language. I hope I gave you enough information on the problem.

Thanks