That's most peculiar. Generation of QR Code is done by the package
com.google.zxing.qrcode, Zxing being the most popular project for barcode
generation, so the issue is most likely not there.
Have you tried to use online decoders to see if they can read your QR codes,
and that it matches the keys and options? I tried with the sample you posted
originally, and it worked fine.
Stupid question: have you tried adding a new user on your current instance, and
see if the qr codes work?
And probably the most stupid question ever: are you sure your monitor is
working properly, and that the camera of the devices you try to read the codes
on are not damaged? Damaged enough to make the error correction of the codes
fail.
For easy use of extensions with Docker, there are plenty of unofficial images
where you just have to list the extensions you want in the docker-compose.With
the official image, you'll need to mount a local directory, and then place the
extensions in the appropriate place. See the documentation: Installing
Guacamole with Docker — Apache Guacamole Manual v1.5.3. Extensions will go in
the GUACAMOLE_HOME/extensions/ directory and guacamole.properties will be in
GUACAMOLE_HOME
Cheers
Antoine
Le vendredi 6 octobre 2023 à 08:49:22 UTC+2, Giacomo Marconi
<[email protected]> a écrit :
Hi Antoine
I have the same problem with defaults parameters (sha1)
The problem is only while scanning, if I copy and paste the secret key manually
in the apps, ALL apps are working.
I am actually testing Guacamole 1.5.3 on 2 systems with the same problem:
Ubuntu 22.0.4 host install from official docs
Debian 12 using the script https://github.com/itiligent/Guacamole-Install
I am also trying it on Alpine with docker, but I don’t understand how to right
popolate the guacamole.properties with docker-compose (especially extensions).
Next step is to test with Tomcat8.
The production system (1.1.0) has been working since 2020 with about 500 users.
I can’t migrate to the new and force people to use differents totp apps or
telling them to copy 56 chars :)
Giacomo
> On 5 Oct 2023, at 16:44, Antoine Besnier <[email protected]>
> wrote:
>
> Questa email arriva da un mittente insolito. Assicurati che sia qualcuno di
> cui ti fidi.
> Many TOTP code generation apps do not support anything else than SHA1 hash,
> even if the RFC recommends the use of SHA2 (SHA-256 or SHA-512).
> It is difficult to get the exact info by platform and by application. I found
> this article on the subject but it does not say what kind of non-default
> parameter makes an application fail: Laban Sköllermark | Mobile Authenticator
> Apps Algorithm Support Review - 2023 Edition (labanskoller.se)
>
> For example, I could scan your code with Authy, MS Authenticator and Google
> Authenticator on Android. Authy and MSA generated the same code, but not
> Google. I do not know which one is correct (I could test on my Guacamole but
> do not want to get locked out...)
>
> If you want maximum compatibility, stay with sha1. The expiration of the time
> based codes more than compensates for the "lower" security of sha1.
>
> Cheers
> Antoine
>
> (PS: if you see some connection attempts from France, blame me, I could not
> resist giving it try...)
>
> Le jeudi 5 octobre 2023 à 14:53:00 UTC+2, Giacomo Marconi
> <[email protected]> a écrit :
>
>
> hi Nick
>
> I’ve already tried default settings, and checked the time/date
>
> Giacomo
>
>> On 5 Oct 2023, at 14:38, Nick Couchman <[email protected]> wrote:
>>
>> Questa email arriva da un mittente insolito. Assicurati che sia qualcuno di
>> cui ti fidi.
>> On Thu, Oct 5, 2023 at 8:03 AM Giacomo Marconi <[email protected]>
>> wrote:
>> Hi All
>>
>> in my last Guacamole installation ver 1.5.3), the QR Code generated seems to
>> be wrong.
>> The same TOTP App works only on one platform, for example Google
>> Authenticator read the qr code in Android, but not in IOS. FreeOTP is
>> working in IOS, but not in Android!
>> As you can see in the attachment the Secret Key is strangely long.
>> I’ve tried to change the plugin (1.5.3/1.5.2/1.5.1) and the java (Oracle JKD
>> and openJDK) versions, without success.
>>
>> Is it already happened to someone ?
>>
>>
>> I think the usual questions that come up are:
>> * Are you trying to change any of the parameters related to TOTP, or are you
>> using the defaults (digits, time, etc.)?
>> * Have you verified that the clock on your Guacamole server(s) and your
>> mobile devices are in sync?
>>
>> -Nick
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
