So, LDAP was not configured BUT the extension was installed. It's now gone, and made some progress:
This error now comes back after I successfully approve the DUO push code: http://imgur.com/84SpPdD The error relates to the following piece of code : *- // If signed response does not verify this user's identity, abort auth - if (!duoWebService.isValidSignedResponse(authenticatedUser, signedResponse)) - throw new GuacamoleClientException("LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT");* Going to try and see if I can get more logs or find a clue on why it fails. Cheers Regards, Tomas Maggio +64 22 040 9517 On Fri, Mar 17, 2017 at 8:46 PM, Tomas Maggio <[email protected]> wrote: > Hi Mike, > > Yeah, I saw that and it's odd cause I'm not using LDAP. I'll double check > it's not enabled. > > I have the feeling that could be related to permissions from some file > related to the 2FA extension. I'm going to go over the documentation again > and make sure they have the right owners set. > > Cheers > > > On 17 Mar 2017 3:40 p.m., "Mike Jumper" <[email protected]> wrote: > > Hi Tomas, > > Judging from the other error, you are also configuring LDAP, correct? It > looks like you're missing one of the properties required for LDAP auth to > work, "ldap-user-base-dn": > > http://guacamole.incubator.apache.org/doc/gug/ldap-auth.html > > Are you using anything else besides Duo and LDAP? > > - Mike > > > On Wed, Mar 15, 2017 at 2:46 PM, Tomas Maggio <[email protected]> > wrote: > >> Hi, >> >> I've managed to configure *2FA* using the *Duo* documentation. In the >> environment that I installed Guacamole I use a reverse NGINX proxy (all >> setup as per documentation and seems to work perfectly before configuring >> 2FA). >> >> www ----> FW ----> Nginx ----> Tomcat/Guacamole >> >> This is the successful result of DUO: >> http://pix.toile-libre.org/upload/original/1489613233.png >> >> This is the response that I see in the browser: >> http://pix.toile-libre.org/upload/original/1489613315.png >> >> >> *Catalina* log shows: >> >> >> >> >> >> >> >> >> >> >> >> >> *Mar 16, 2017 10:39:52 AM org.webjars.servlet.WebjarsServlet doGetINFO: >> Webjars resource requested: >> /META-INF/resources/webjars/filesaver/1.3.3/FileSaver.min.jsMar 16, 2017 >> 10:39:52 AM org.webjars.servlet.WebjarsServlet doGetINFO: Webjars resource >> requested: >> /META-INF/resources/webjars/angular-module-shim/0.0.4/angular-module-shim.jsMar >> 16, 2017 10:40:10 AM com.sun.jersey.spi.container.ContainerResponse >> logExceptionSEVERE: Mapped exception to response: 500 (Internal Server >> Error)org.apache.guacamole.rest.APIException at >> org.apache.guacamole.rest.RESTExceptionWrapper.invoke(RESTExceptionWrapper.java:187) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:498) at >> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)* >> >> Locahost *access* log (tomcat) shows: >> 192.168.2.184 - - [16/Mar/2017:10:39:52 +1300] "GET >> /guacamole/webjars/blob-polyfill/1.0.20150320/Blob.js HTTP/1.1" 200 6148 >> >> >> >> >> >> >> >> >> >> >> *192.168.2.184 - - [16/Mar/2017:10:39:52 +1300] "GET >> /guacamole/webjars/filesaver/1.3.3/FileSaver.min.js HTTP/1.1" 200 >> 2446192.168.2.184 - - [16/Mar/2017:10:39:52 +1300] "GET >> /guacamole/webjars/angular-module-shim/0.0.4/angular-module-shim.js >> HTTP/1.1" 200 774192.168.2.184 - - [16/Mar/2017:10:39:52 +1300] "GET >> /guacamole/app.js?v=0.9.11-incubating HTTP/1.1" 200 289363192.168.2.184 - - >> [16/Mar/2017:10:39:53 +1300] "GET /guacamole/api/patches HTTP/1.1" 200 >> 352192.168.2.184 - - [16/Mar/2017:10:39:53 +1300] "GET >> /guacamole/api/languages HTTP/1.1" 200 136192.168.2.184 - - >> [16/Mar/2017:10:39:53 +1300] "GET /guacamole/translations/en.json HTTP/1.1" >> 200 31949192.168.2.184 - - [16/Mar/2017:10:39:53 +1300] "POST >> /guacamole/api/tokens HTTP/1.1" 403 237192.168.2.184 - - >> [16/Mar/2017:10:40:00 +1300] "POST /guacamole/api/tokens HTTP/1.1" 403 >> 529192.168.2.184 - - [16/Mar/2017:10:40:10 +1300] "POST >> /guacamole/api/tokens HTTP/1.1" 500 211* >> Wonder if any of you guys saw anything like this or can point me in the >> right direction. >> >> >> Cheers, >> >> Tomas Maggio >> +64 22 040 9517 <+64%2022%20040%209517> >> > > >
