Hi,

When activating SSO and having set up TOTP for the admin account, signing in 
with SSO brings up a TOTP login screen from Guacamole which cannot be completed, 
because although the admin account has TOTP, that's a different user, so it 
did not work to complete TOTP for an SSO user.

I already reported this problem a while ago and got confirmation that this 
should already be fixed and released with 1.6.0; sadly, it's still not working :/

Looking further in Jira, it seems that only SAML has been fixed. 
https://www.mail-archive.com/user@guacamole.apache.org/msg13233.html

Or am I missing any new config options that I have overlooked in the release 
announcements?

It would be really nice to be able to have the admin account secured with TOTP 
and still have SSO users.

My guacamole properties for OIDC setup:
```
openid-authorization-endpoint: https://auth.mydomain.dev/application/o/authorize/
openid-client-id: XXXXX
openid-issuer: https://auth.mydomain.dev/application/o/guacamole/
openid-jwks-endpoint: https://auth.mydomain.dev/application/o/guacamole/jwks/
openid-redirect-uri: https://guac.mydomain.dev/guacamole
openid-scope: openid email profile
openid-username-claim-type: preferred_username
extension-priority: *, openid
```
I'd be happy to provide logs, but using
```
systemctl stop guacd
/usr/local/sbin/guacd -L debug -f
```
does not bring up any logs during sign-in.

Let me know if this can be fixed in a similar way to SAML or if I should 
request an account and report this on Jira.

- Tobias
