Hi Lorenzo, I have experienced this situation in both versions 1.4.0 and 1.5.0. For my case, the TOTP doesn't appear to be fully activating when it uses the SSO authentication method. After trying a new session, it still prompts to set up the TOTP code and the user account does not have the flag set for "TOTP key confirmed". I can manually set a password for an SSO account and log in using the traditional login menu. That allows the TOTP code to be confirmed and works through the non-SSO login. However, when attempting the SSO login with the same account and confirmed OTP code, it still has the error when logging in.

Thanks!

-Tyler

On Tue, Feb 28, 2023 at 12:34 AM MAURIZI Lorenzo <[email protected]> wrote:

> Tyler,
>
> I noticed a similar behaviour in guacamole 1.4.0: after setting up the TOTP with the QR code for the first time, the subsequent login attempt fails.
>
> In my case I just need to close the browser and log in again: you will be asked for an OTP code (the TOTP was correctly activated in the previous login attempt) and the login succeeds.
>
> Regards.
>
> Lorenzo
>
> *From:* Tyler Hale <[email protected]>
> *Sent:* Monday, February 27, 2023 18:27
> *To:* [email protected]
> *Subject:* Issue with SSO (SAML) Login with TOTP Extension
>
> Hello, I am having an issue configuring Apache Guacamole when SAML and TOTP are both enabled. The backend for the server is using MariaDB with the MySQL connector. I am using SAML SSO to Azure AD which signs in successfully when the TOTP module is not enabled. The TOTP module works with a local user that is not using SSO.
>
> When the TOTP module is enabled, the SAML login completes and redirects to the screen for setting up a TOTP code. When you enter the TOTP code, it returns a 403 invalid login response. I have the 403 response below along with the debug logs that happen during the TOTP authentication attempt.
>
> 403 POST https://remote.redacted.com/api/tokens
>
> Response: {"message":"Invalid login","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Invalid login"}},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}
>
> Debug logs: https://pastebin.com/GPCwP5Fk
>
> guacamole.properties: https://pastebin.com/DDtB1F8e
>
> Any help would be much appreciated. Thanks!
>
> -Tyler Hale
