[ https://issues.apache.org/jira/browse/GUACAMOLE-819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman reassigned GUACAMOLE-819: --------------------------------------- Assignee: Nick Couchman > Documented Duo secret key length is incorrect > --------------------------------------------- > > Key: GUACAMOLE-819 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-819 > Project: Guacamole > Issue Type: Bug > Components: Documentation > Reporter: Stephen Jenkins > Assignee: Nick Couchman > Priority: Trivial > > The length of the Duo secret key is documented within the Guacamole manual as > exactly 20 characters. This is incorrect. The _integration_ key is exactly 20 > characters, but the secret key is 40 characters. > This can be seen in the definition and usage of the constants in [Duo's > {{DuoWeb}} > class|https://github.com/duosecurity/duo_java/blob/de98f6cece74a3097fb6018417084ea4d069dbf2/DuoWeb/src/main/java/com/duosecurity/duoweb/DuoWeb.java]: > {code:java} > public final class DuoWeb { > ... > private static final int IKEY_LEN = 20; > private static final int SKEY_LEN = 40; > private static final int AKEY_LEN = 40; > ... > public static String signRequest(final String ikey, final String > skey, final String akey, final String username, final long time) { > ... > if (ikey.equals("") || ikey.length() != IKEY_LEN) { > return ERR_IKEY; > } > if (skey.equals("") || skey.length() != SKEY_LEN) { > return ERR_SKEY; > } > if (akey.equals("") || akey.length() < AKEY_LEN) { > return ERR_AKEY; > } > ... > {code} > Note that the lengths of the various keys are not actually enforced by the > guacamole-auth-duo extension, so while the manual is incorrect, the extension > should still function as long as correct key values are provided. -- This message was sent by Atlassian Jira (v8.3.4#803005)