Posted to user@guacamole.apache.org by "Bogdan, Tyler" <t....@rcsd.ca> on 2021/09/21 18:27:45 UTC

Help with SAML + TOTP

Hi!

I'm having problems with using both the SAML and TOTP extensions together. I have gotten SAML (via ADFS) to work by itself and I have also gotten TOTP to work by itself, but I can't get them to work together. Here is the order of events:

1. Log in via SAML
2. Presented with TOTP registration code
3. Scan QR code in authenticator app, enter OTP code into Guacamole
4. No error messages; page refreshes/navigates back through SAML auth and shows TOTP registration again

I'm running the 1.3.0 docker image on CentOS 7. I have mapped my own guacamole.properties and extension folder into the docker image.

Sanitized version of my guacamole.properties: https://pastebin.com/sMrp23Lj
Sanitized version of my docker-compose.yml: https://pastebin.com/siC1aXyM

I've been doing some research and I know that the auto create is important so I've ensured that is working.  Also, based on some other readings it seems like maybe the 'Change own password' permission is required?  I have ensured that group membership in my IDP is mapped to an admin group in Guacamole.  When I disable TOTP my SAML account has admin permissions.

I've enabled debug level logging and no errors are happening. You can see some logging here: https://pastebin.com/W8Wu6zp8.

Any ideas? Any further debugging I can do?

Thanks,
Tyler
