Guacamole / GUACAMOLE-1780

TOTP and SAML auth cannot be used together

Details

    Description

      An authentication attempt using both the SAML and TOTP auth providers together cannot succeed. Depending on the order that the extensions are loaded, the behavior may be an infinite loop between SAML provider redirects and TOTP codes, or the login attempt will just fail after both factors are provided.

      The problem seems to be that both SAML and TOTP have replay attack preventions in place - meaning that after the SAML response is accepted, and the TOTP prompt is submitted, the original SAML response is no longer valid.

          People

            Unassigned Unassigned
            jmuehlner James Muehlner
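A simplified model of the interaction the description hypothesizes, added here as an example; it is not Guacamole code and not part of the report. It assumes every login request re-runs all factors against the credentials in that request. The class names, the `saml_ok` session flag, and the sample response ID and code are hypothetical, and the session-bound variant is one illustrative way to keep replay protection while letting the second factor complete, not the project's fix.

```python
# Model assumption: every login request re-runs all factors against the
# credentials carried by that request. Names and values are constructed.
class SamlFactor:
    def __init__(self, remember_in_session):
        self.seen_ids = set()              # replay cache of response IDs
        self.remember = remember_in_session

    def check(self, request, session):
        if self.remember and session.get("saml_ok"):
            return "ok"                    # already verified in this session
        rid = request.get("saml_response_id")
        if rid is None:
            return "redirect-to-idp"
        if rid in self.seen_ids:
            return "rejected-replay"       # same response presented twice
        self.seen_ids.add(rid)
        session["saml_ok"] = True
        return "ok"

class TotpFactor:
    def __init__(self, valid_code):
        self.valid_code = valid_code
        self.used = set()                  # codes are single-use too

    def check(self, request, session):
        code = request.get("totp_code")
        if code is None:
            return "prompt-for-code"
        if code != self.valid_code or code in self.used:
            return "rejected-code"
        self.used.add(code)
        return "ok"

def authenticate(factors, request, session):
    for factor in factors:                 # stop at the first unsatisfied factor
        result = factor.check(request, session)
        if result != "ok":
            return result
    return "authenticated"

def login_flow(remember_in_session):
    factors = [SamlFactor(remember_in_session), TotpFactor("123456")]
    session = {}
    saml_only = {"saml_response_id": "_resp-1"}
    both = {"saml_response_id": "_resp-1", "totp_code": "123456"}
    first = authenticate(factors, saml_only, session)   # back from the IdP
    second = authenticate(factors, both, session)       # TOTP form submitted
    replay = authenticate(factors, both, {})            # same response, new session
    return first, second, replay
```

With per-request revalidation the second step fails as a replay even though both factors are genuine; with the result bound to the session the login completes, and the same response presented from a different session is still rejected.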