Re: about TOTP auth only work with default settings
Dear Mike, Thank you for your soon reply. To be honest, I am not sure if my authenticator app( I use Microsoft Authenticator) supports these settings, but I have another account(not for Guacamole) in my app that shows 8 digits. Would you please advise me which Authenticator Apps will support these settings? Apache Guacamole is the best one for me to use, thank you for all of your efforts and nice help. The latest version 1.4.0 seems to be much better and fixed some little problems I have met before. Best Wishes, Bruce Mike Jumper 於 2022年1月3日 週一 下午2:17寫道: > On Sun, Jan 2, 2022, 21:55 Bruce Cheng wrote: > >> Hi, >> >> I current use Apache Guacamole version 1.3.0 with Mysql+LDAP( Active >> Directory)+Totp successfully, I config TOTP with the following settings in >> /etc/guacamole/guacamole.properties >> >> # TOTP properties >> totp-issuer: MYCLOUD >> #totp-digits: 8 >> totp-digits: 6 >> totp-period: 30 >> totp-mode: sha256 >> >> When I change the value of totp-digits from 6 to 8 and restart tomcat, I >> scan the first QRcode via my mobile, My authenticator app only showed 6 >> digits but not 8 digits. I also saw the web page show "enter the 8-digit >> authentication code ". Of course, it was shown as a failure. >> >> When I remarked those settings (except " totp-issuer "), I could sign on >> it. >> >> May I know if this is the bug or what kind of settings I should use? >> > > It's not a bug - not all authenticator apps support these settings, and > some will silently ignore them. > > Unless you have confirmed that your authenticator app supports these > settings, the correct settings to use on the Guacamole side are the > defaults. > > - Mike > >
Re: about TOTP auth only work with default settings
On Sun, Jan 2, 2022, 21:55 Bruce Cheng wrote: > Hi, > > I current use Apache Guacamole version 1.3.0 with Mysql+LDAP( Active > Directory)+Totp successfully, I config TOTP with the following settings in > /etc/guacamole/guacamole.properties > > # TOTP properties > totp-issuer: MYCLOUD > #totp-digits: 8 > totp-digits: 6 > totp-period: 30 > totp-mode: sha256 > > When I change the value of totp-digits from 6 to 8 and restart tomcat, I > scan the first QRcode via my mobile, My authenticator app only showed 6 > digits but not 8 digits. I also saw the web page show "enter the 8-digit > authentication code ". Of course, it was shown as a failure. > > When I remarked those settings (except " totp-issuer "), I could sign on > it. > > May I know if this is the bug or what kind of settings I should use? > It's not a bug - not all authenticator apps support these settings, and some will silently ignore them. Unless you have confirmed that your authenticator app supports these settings, the correct settings to use on the Guacamole side are the defaults. - Mike
about TOTP auth only work with default settings
Hi, I current use Apache Guacamole version 1.3.0 with Mysql+LDAP( Active Directory)+Totp successfully, I config TOTP with the following settings in /etc/guacamole/guacamole.properties # TOTP properties totp-issuer: MYCLOUD #totp-digits: 8 totp-digits: 6 totp-period: 30 totp-mode: sha256 When I change the value of totp-digits from 6 to 8 and restart tomcat, I scan the first QRcode via my mobile, My authenticator app only showed 6 digits but not 8 digits. I also saw the web page show "enter the 8-digit authentication code ". Of course, it was shown as a failure. When I remarked those settings (except " totp-issuer "), I could sign on it. May I know if this is the bug or what kind of settings I should use? Please advise me and thank you for your help. -- Best Regards, Bruce