Tyler,
I noticed similar behaviour in Guacamole 1.4.0: after setting up TOTP for the 
first time with the QR code, the subsequent login attempt fails.
In my case I just need to close the browser and log in again: you will be 
asked for an OTP code (the TOTP was correctly activated in the previous login 
attempt) and the login succeeds.

Regards.
Lorenzo


From: Tyler Hale <[email protected]>
Sent: Monday, 27 February 2023 18:27
To: [email protected]
Subject: Issue with SSO (SAML) Login with TOTP Extension

Hello, I am having an issue configuring Apache Guacamole when SAML and TOTP are 
both enabled. The backend for the server is using MariaDB with the MySQL 
connector. I am using SAML SSO to Azure AD which signs in successfully when the 
TOTP module is not enabled. The TOTP module works with a local user that is not 
using SSO.

When the TOTP module is enabled, the SAML login completes and redirects to the 
screen for setting up a TOTP code. When you enter the TOTP code, it returns a 
403 invalid login response. I have the 403 response below along with the debug 
logs that happen during the TOTP authentication attempt.

403 POST https://remote.redacted.com/api/tokens
Response: {"message":"Invalid login","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Invalid login"}},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}

Debug logs: https://pastebin.com/GPCwP5Fk
guacamole.properties: https://pastebin.com/DDtB1F8e

Any help would be much appreciated. Thanks!


-Tyler Hale
