guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From beezel <monster...@gmail.com>
Subject Duo failing at "Success! Logging you in..." with 400 Bad Request
Date Tue, 31 Oct 2017 19:17:55 GMT
I'm still running 9.12, so I hope that I am not shooting myself in the foot
with this already (and the Duo jar is also 9.12).

We have Guac successfully installed on centos 7, and have configured it
according to the official docs, using AJP to forward from Apache back to
Tomcat and also using 443 to 8443 and 80 to 8443 in our server.xml tomcat
configuration.

Guac is working fine, until we attempt to use Duo.

I followed this guide
https://www.cb-net.co.uk/linux/enabling-duo-dual-multi-factor-authentication-mfa-for-guacamole-docker/
to setup Duo with Web SDK access, and everything 'appears' to work. IE, in
Duo I see users register, I get push notifications, and you get a successful
login and our Guac page acknowledges when you accept the 2FA via Duo Mobile.

However, it just hangs there at "Success! Logging you in..."

Console view shows:
POST https://remote.domain.com/api/tokens 400 (Bad Request) angular.js:9902 

In Chrome DevTools Network, I also see: 

invalid	(failed)		VM1051 preauth.js?v=31dcc:1


To make sure it wasn't some redirect problem, I am accessing it internally
(no firewall) and have disabled the 443->8443 and 80->8443 redirects that
were present in my server.xml. I am also trying to use
https://remote.domain.com:8443/ specifically to bypass any redirection
issues.

I did setup mod_proxy_wstunnel just to be safe - but we're using the Web SDK
which I do not think uses this method.

It seems to be that /api/tokens is not accessible (I see 403 Forbiddens to
that url when logging in).

When removing the duo.jar and commenting out the duo- lines in
guacamole.properties I still receive the /api/tokens 403 Forbidden when
loading the guac login page, but everything works successfully, so I am
unsure if this is related or not.

Any suggestions?



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/

Mime
View raw message