On Tue, Feb 4, 2020 at 4:48 AM Макаров Андрей <[email protected]> wrote:
>
> I configured the following auth scheme: OpenID + DB auth (postgres). It worked fine,
> after that I've enabled TOTP, and now I cannot log in to Guacamole. Nothing
> happens after entering the TOTP-code, except TOTP-code entry page which
> appears again and again.
> Does it not work by design? Or maybe I made some misconfiguration?
>

My guess would be that the OpenID support as currently designed is not compatible with TOTP. The TOTP extension works by vetoing the auth result of the other extensions, requesting additional credentials. Once those credentials (the TOTP code) are supplied, the full set of credentials is resubmitted and revalidated ... but at that point, the OpenID token, nonce, etc. would no longer be valid.

The OpenID support likely needs to be modified to allow for MFA configurations.

- Mike
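
A minimal model of the interaction described in the reply, added here as an illustration; it is not Guacamole's code and not part of the original thread. All names are hypothetical, and it assumes the OpenID factor consumes a single-use nonce while every submission re-runs the whole chain from the first factor.

```python
import secrets

class NonceStore:
    """Single-use nonces, as a relying party tracks them for OpenID tokens."""
    def __init__(self):
        self._issued = set()

    def issue(self):
        nonce = secrets.token_hex(8)
        self._issued.add(nonce)
        return nonce

    def consume(self, nonce):
        # A nonce validates exactly once; a replay is rejected.
        if nonce in self._issued:
            self._issued.discard(nonce)
            return True
        return False

def openid_factor(creds, nonces):
    # Hypothetical first factor: accepts a token only if its nonce is unused.
    token = creds.get("id_token")
    return token["sub"] if token and nonces.consume(token["nonce"]) else None

def password_factor(creds, nonces):
    # Hypothetical DB factor: a password can be revalidated any number of times.
    return creds.get("user") if creds.get("password") == "s3cret" else None

def authenticate(first_factor, creds, nonces, expected_totp="123456"):
    # The full credential set is revalidated on every submission.
    if first_factor(creds, nonces) is None:
        return "FIRST_FACTOR_REJECTED"
    if creds.get("totp") != expected_totp:
        return "NEED_TOTP"  # second factor vetoes and asks for the code
    return "OK"

def simulate_openid():
    nonces = NonceStore()
    creds = {"id_token": {"sub": "alice", "nonce": nonces.issue()}}  # constructed
    first = authenticate(openid_factor, creds, nonces)
    # Resubmission: same token plus the TOTP code; the nonce is already spent.
    second = authenticate(openid_factor, dict(creds, totp="123456"), nonces)
    return first, second

def simulate_password():
    nonces = NonceStore()
    creds = {"user": "alice", "password": "s3cret"}  # constructed sample values
    first = authenticate(password_factor, creds, nonces)
    second = authenticate(password_factor, dict(creds, totp="123456"), nonces)
    return first, second
```

In this model the replayable password survives revalidation after the TOTP prompt, while the OpenID token is rejected on the second pass because its nonce was consumed by the first.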
