Hi Mike, I have checked the following:
1) Server's clock: NTP is enabled and the local time is in sync. For good measure, I changed the time zone to PST.
2) The only default option I changed was the "totp-issuer" setting.

Best,

Delvain Mbina
Security Operations Engineer
M: (209) 305-0215
The Save Mart Companies
1600 Yosemite Blvd., Modesto, CA 95354

-----Original Message-----
From: Michael Jumper <mjum...@apache.org>
Sent: Monday, August 14, 2023 8:46 PM
To: user@guacamole.apache.org
Subject: Re: TOTP Verification Failed During MFA Enrollment

On 8/14/2023 2:29 PM, Delvain Mbina wrote:
> Hello,
>
> My predecessor installed Apache Guacamole 1.0.0 onto a CentOS box
> which serves as our Bastion Host. We set up database-based
> authentication (with MariaDB) and our users can authenticate
> successfully. After some security assessments, we decided to implement
> TOTP authentication for more secure access. About 3 months ago, we
> installed and configured the TOTP extension (1.0.0) and we were able
> to enroll our MFA device and authenticate with the TOTP code using
> Google Authenticator. We have recently re-installed the extension by
> following the same instructions but during the MFA enrollment, we kept
> getting “Verification Failed. Please try again”. I could see that my
> user registered as successfully authenticated via "journalctl -u tomcat"
> using Google Authenticator. If I remove the extension, everything works
> as expected. I just can't seem to figure out how to get 2FA working
> again. Can you please help?
>

Check that:

1) Your server's clock is correct (if your server's clock is out of sync, it will generate incorrect codes)

2) You haven't overridden any of the default options used for TOTP, such as the hash, number of digits, or period (Google Authenticator will silently ignore these and generate invalid codes)

- Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
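
The two causes listed in the reply above, reproduced with a standard RFC 6238 implementation. This is an added example, not code from the thread or from Guacamole; the sample secret, the timestamp, the `diagnose` helper and the one-period acceptance window are assumptions.

```python
import base64, hashlib, hmac, struct

DEFAULTS = ("sha1", 6, 30)   # hash, digits, period: the defaults the reply says the app sticks to
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # constructed sample: RFC 6238 test key, base32

def totp(secret_b32, unix_time, algo="sha1", digits=6, period=30):
    """RFC 6238 code for one point in time under the given parameters."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algo)).digest()
    off = mac[-1] & 0x0F                                  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(code, server_time, cfg, window=1):
    """Verifier side: own clock, own config, +/- `window` periods (window is an assumption)."""
    algo, digits, period = cfg
    return any(
        hmac.compare_digest(totp(SECRET, server_time + i * period, algo, digits, period), code)
        for i in range(-window, window + 1))

def diagnose(device_time, server_time, server_cfg=DEFAULTS):
    """Name the reason a code from a defaults-only app fails enrollment, or 'ok'."""
    code = totp(SECRET, device_time, *DEFAULTS)           # what the phone displays
    if server_accepts(code, server_time, server_cfg):
        return "ok"
    if server_accepts(code, device_time, server_cfg):
        return "server clock off by %d s" % (server_time - device_time)
    if server_accepts(code, server_time, DEFAULTS):
        return "server uses non-default hash/digits/period"
    return "clock and options both differ"

if __name__ == "__main__":
    now = 1111111109                                      # constructed timestamp
    for cfg, skew in [(DEFAULTS, 0), (DEFAULTS, 300), (("sha256", 6, 30), 0), (("sha1", 8, 30), 0)]:
        print(cfg, skew, "->", diagnose(now, now + skew, cfg))
```

The counter is derived from Unix time, so only the absolute clock value enters the calculation, not the configured time zone.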