I'm still running 9.12, so I hope that I am not shooting myself in the foot with this already (and the Duo jar is also 9.12).
We have Guac successfully installed on CentOS 7, and have configured it according to the official docs, using AJP to forward from Apache back to Tomcat and also using 443 to 8443 and 80 to 8443 in our server.xml Tomcat configuration. Guac is working fine until we attempt to use Duo.

I followed this guide https://www.cb-net.co.uk/linux/enabling-duo-dual-multi-factor-authentication-mfa-for-guacamole-docker/ to set up Duo with Web SDK access, and everything 'appears' to work. I.e., in Duo I see users register, I get push notifications, and you get a successful login and our Guac page acknowledges when you accept the 2FA via Duo Mobile. However, it just hangs there at "Success! Logging you in..."

Console view shows:

    POST https://remote.domain.com/api/tokens 400 (Bad Request)    angular.js:9902

In Chrome DevTools Network, I also see:

    invalid (failed)    VM1051 preauth.js?v=31dcc:1

To make sure it wasn't some redirect problem, I am accessing it internally (no firewall) and have disabled the 443->8443 and 80->8443 redirects that were present in my server.xml. I am also trying to use https://remote.domain.com:8443/ specifically to bypass any redirection issues. I did set up mod_proxy_wstunnel just to be safe - but we're using the Web SDK, which I do not think uses this method.

It seems to be that /api/tokens is not accessible (I see 403 Forbiddens to that URL when logging in). When removing the duo.jar and commenting out the duo- lines in guacamole.properties, I still receive the /api/tokens 403 Forbidden when loading the Guac login page, but everything works successfully, so I am unsure if this is related or not.

Any suggestions?

--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
