Hi,

Is there any more info needed to tackle this for the guacamole devs?

Thanks!

Sent with [Proton Mail](https://pr.tn/ref/BTTM5JG4EZEG) secure email.

On Wednesday, July 2nd, 2025 at 07:07, newslet...@tobiasmeier.dev.INVALID <newslet...@tobiasmeier.dev.INVALID> wrote:

> Yes.
>
> On Tuesday, July 1st, 2025 at 12:42, marki <jm+guacam...@roth.lu> wrote:
>
>> You mean TOTP?
>>
>> On July 1, 2025 at 9:34:28 CEST, newslet...@tobiasmeier.dev.INVALID wrote:
>>
>>> Hi,
>>>
>>> When activating SSO and having set up TOPT for the admin account,
>>> signing in with SSO brings up a TOPT login screen from guacamole which
>>> cannot be completed, due to the admin account although having TOPT, that's
>>> a different user, so it did not work to complete TOPT for an SSO user.
>>>
>>> I already reported this problem a while ago and got confirmation that this
>>> should already be fixed and released with 1.6.0; sadly it's still not
>>> working :/
>>>
>>> Looking further in Jira, it seems that only SAML has been fixed.
>>> https://www.mail-archive.com/user@guacamole.apache.org/msg13233.html
>>>
>>> Or am I missing any new config options that I have overlooked in release
>>> announcements?
>>>
>>> It would be really nice to be able to have the admin account secured with
>>> TOPT and still have SSO users.
>>>
>>> My guacamole properties for OIDC setup:
>>> ```
>>> openid-authorization-endpoint: https://auth.mydomain.dev/application/o/authorize/
>>> openid-client-id: XXXXX
>>> openid-issuer: https://auth.mydomain.dev/application/o/guacamole/
>>> openid-jwks-endpoint: https://auth.mydomain.dev/application/o/guacamole/jwks/
>>> openid-redirect-uri: https://guac.mydomain.dev/guacamole
>>> openid-scope: openid email profile
>>> openid-username-claim-type: preferred_username
>>> extension-priority: *, openid
>>> ```
>>> I'd be happy to provide logs, but using
>>> ```
>>> systemctl stop guacd
>>> /usr/local/sbin/guacd -L debug -f
>>> ```
>>> does not bring up any logs during sign-in.
>>>
>>> Let me know if this can be fixed in a similar way to SAML or if I should
>>> request an account and report this on Jira.
>>>
>>> - Tobias