On Mon, Aug 15, 2022 at 19:27 Sean Hulbert <[email protected]> wrote:
> Thanks for this information. > > > > Let me add one more piece in, reason I mentioned RSA SecurID is the key > fob that changes the token every 60 seconds, the key fob is what I am > trying to sync to the MFA, would the method you mentioned below still work? > > > Yes, either the SSO or RADIUS protocol handles the conversation for the entry of the time-based token. In a previously life I used LinOTP with FreeRADIUS for this, with time-based FOBs and Google Authenticator, and it worked fine, both with Guacamole and other MFA requirements (Cisco AnyConnect). In my current day job I use RADIUS with Azure MFA and either the Authenticator app on a smart phone or a time-based token, and Guacamole uses either one without issue. The MFA programs usually have a little bit of a grace period to compensate for the latency in the time-based tokens - in LinOTP this was a configurable parameter. -Nick
