You mean TOTP?
El 1 de julio de 2025 9:34:28 CEST, newslet...@tobiasmeier.dev.INVALID escribió: >Hi, > >When activating SSO and having set up TOPT for the admin account, signing-in >with SSO brings up a TOPT loginscreen from guacamole which cannot be >completed, due to the admin account although having TOPT, that's a different >user, so it did not work to complete TOPT for an SSO User. > >I already reported this problem a while ago and got confirmation that this >should already be fixed and released with 1.6.0 sadly it's still not working :/ > >Looking further in jira it seems to be that only SAML has been fixed. >https://www.mail-archive.com/user@guacamole.apache.org/msg13233.html > >or am I missing any new config options, that I have overlooked in release >announcements? > >It would be really nice to be able to have the admin Account secured with TOPT >and still have SSO users. > >My guacamole properties for OIDC setup: >``` >openid-authorization-endpoint: >https://auth.mydomain.dev/application/o/authorize/ >openid-client-id: XXXXX >openid-issuer: https://auth.mydomain.dev/application/o/guacamole/ >openid-jwks-endpoint: https://auth.mydomain.dev/application/o/guacamole/jwks/ >openid-redirect-uri: https://guac.mydomain.dev/guacamole >openid-scope: openid email profile >openid-username-claim-type: preferred_usernameextension-priority: *, openid >``` >I'd be happy to provide logs, but using >``` >systemctl stop guacd >/usr/local/sbin/guacd -L debug -f >``` >does not bring up any logs during sign-in. > >Let me know if this can be fixed in a similar way than SAML or if I should >request and Account and report this on jira. > >- Tobias > >Sent with [Proton Mail](https://pr.tn/ref/BTTM5JG4EZEG) secure email.
