Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/11/13 22:49:00 UTC

[jira] [Commented] (GUACAMOLE-1213) TOTP PSQLException following successful LDAP authentication

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17231863#comment-17231863 ] 

Mike Jumper commented on GUACAMOLE-1213:
----------------------------------------

{quote}
In response to this successful login, the TOTP plugin proceeds to attempt to add/update the associated user in the Postgres DB. This fails as is shown in the following guacamole log entries.
{quote}

The TOTP extension does not actually attempt to do anything with the database. It is the database extension that attempts to persist the custom attributes added by the TOTP extension.

{quote}
The associated stack trace stems from
org.apache.guacamole.auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)
{quote}

Can you provide the full stack trace and logs? The rest of the stack trace may be more helpful, as it's not the TOTP extension that is failing in this case.

The SQL query that is failing here is the generic update of a single user:

https://github.com/apache/guacamole-client/blob/43f8cc0400266288a70448ad7ddc12b10734c83f/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml#L329

This particular query will not be dealing with TOTP, so it is not immediately clear to me why this failure would be TOTP-specific. The error also looks like it would have resulted in users being uneditable across the board for the PostgreSQL support, which is not the case.

> TOTP PSQLException following successful LDAP authentication
> -----------------------------------------------------------
>
>                 Key: GUACAMOLE-1213
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1213
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-jdbc-postgresql, guacamole-auth-ldap, guacamole-auth-totp
>    Affects Versions: 1.2.0
>            Reporter: Todd Gould
>            Priority: Major
>
> I have successfully deployed both guacd and guacamole via docker image to AWS ECS. I have added the TOTP extension to the image. Additionally, I have successfully configured guacamole to use LDAPs to integrate with a Microsoft Active Directory and a Postgres database.
> Background:
> I can see in the guacamole logs that a login attempt is successfully authenticated by the configured LDAPs.
> {code:none}
> 15:25:40.889 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "<user-name>" successfully authenticated from <ip-address>.
> {code}
> I have additionally verified that the same login attempt (with the same user/credentials) will result in successful login and access to the guacamole application when I temporarily deploy WITHOUT the TOTP extension for testing purposes. As I require the MFA protection provided by TOTP, this is not an acceptable option in this situation.
> The problem:
> In response to this successful login, the TOTP plugin proceeds to attempt to add/update the associated user in the Postgres DB. This fails as is shown in the following guacamole log entries.
> {code:none}
> 15:25:41.003 [http-nio-8080-exec-4] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
> ### Error updating database. Cause: org.postgresql.util.PSQLException: ERROR: operator does not exist: integer = character varying
> Hint: No operator matches the given name and argument types. You might need to add explicit type casts.
> Position: 487
> ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.update-Inline
> ### The error occurred while setting parameters
> ### SQL: UPDATE guacamole_user SET password_hash = ?, password_salt = ?, password_date = ?, disabled = ?, expired = ?, access_window_start = ?, access_window_end = ?, valid_from = ?, valid_until = ?, timezone = ?, full_name = ?, email_address = ?, organization = ?, organizational_role = ? WHERE user_id = ?
> ### Cause: org.postgresql.util.PSQLException: ERROR: operator does not exist: integer = character varying
> {code}
> The associated stack trace stems from
> org.apache.guacamole.auth.totp.TOTPAuthenticationProvider.decorate(TOTPAuthenticationProvider.java:76)


