[jira] [Commented] (GUACAMOLE-197) Implement Support for RADIUS Authentication

Tue, 07 Feb 2017 06:30:14 -0800 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15856087#comment-15856087
 ] 

Nick Couchman commented on GUACAMOLE-197:
-----------------------------------------

Got it...will just pass it through as a hidden field in the challenge/response 
process, unless there's a better way to do it.

Having cleared that hurdle, I'm on to the next one - how to deal with the value 
of the state parameter in a safe way.  When I look at the debug output from 
FreeRADIUS, the state shows up as a hexadecimal value.  When I deal with it as 
a String in Java, it almost looks like a binary value.  Tried a few rounds of 
converting it to an integer and dealing with it that way, but that didn't seem 
to work, so going to try a byte array, now, and see what happens.  Only concern 
is trying to pass a binary value through to AngularJS and then get it back 
safely...fun times!

> Implement Support for RADIUS Authentication
> -------------------------------------------
>
>                 Key: GUACAMOLE-197
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-197
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-client
>    Affects Versions: 0.9.11-incubating
>            Reporter: Nick Couchman
>            Priority: Minor
>
> Working on implementing a RADIUS authentication module - 
> guacamole-auth-radius.  The basic implementation is completed - with a basic 
> PAP or CHAP RADIUS server, the authentication succeeds and the user is logged 
> in.
> I'm running into an issue, though, trying to implement Challenge/Response in 
> RADIUS.  I have my RADIUS server configured to talk to LinOTP for MFA/2FA, 
> and RADIUS sends the AccessChallenge package back, asking for the second 
> factor.  My issue is in my continual failure to grasp the connection between 
> the servlet side and the AngularJS web application.  I've copied the Duo 
> authentication code and tried to morph it into something that will present 
> another box for the RADIUS challenge, but I can't get my controller function 
> to actually fire.
> Once that is working, I'd like to support other RADIUS authentication 
> protocols, like EAP-TLS and EAP-TTLS, so there's a little more work to be 
> done, but right now I'm focusing on the basic protocols and the 
> challenge/response.
> Will have a repo posted here in a moment for working on this.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to