Just adjusted the time on the kubernetes node, and it does make a difference... tought that the cookie was good for 300 seconds, as per the code. Apparently, it is shorter than that.
Thanks for the tip ! - Christian ________________________________ Christian Tardif [email protected]<mailto:[email protected]> SVP, pensez à l’environnement avant d’imprimer ce message. ------ Message d'origine ------ De: "Christian Tardif" <[email protected]<mailto:[email protected]>> À: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Envoyé : 2020-04-23 00:13:04 Objet : Re[2]: Duo authentication issue The server where it resides right now (it's on a Kubernetes cluster) is about 1 minute 15 seconds ahead of the UTC right now. Is it too far from the "official" time? - Christian ------ Message d'origine ------ De: "Mike Jumper" <[email protected]<mailto:[email protected]>> À: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Envoyé : 2020-04-22 23:22:14 Objet : Re: Duo authentication issue On Wed, Apr 22, 2020, 20:05 Christian Tardif <[email protected]<mailto:[email protected]>> wrote: Hi, I'm using Guacamole 1.1.0 and I no longer can authenticate through Duo. I have set the debug level to try to figure out what's happening, and here's what I found: 02:52:44.270 [http-nio-8080-exec-6] DEBUG o.a.g.auth.duo.api.DuoService - Duo response contained expired cookie(s). 02:52:44.270 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "duo" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: duo" within your guacamole.properties. Where should I look to solve this "expired cookie" in Duo response? Is your server's system clock out of sync? - Mike
