guacamole-user mailing list archives

From Rajesh Mohan <Rajesh.Mo...@infosys.com>
Subject RE: How to authenticate the guacamole Webapp using duo authentication
Date Wed, 22 Aug 2018 16:53:15 GMT
Hi Nick,

Yes, we are using the same Guacamole 0.9.14 version in our setup, and we are able to see
that the login prompt works with LDAP authentication, but after that, do we have any authentication
mechanism to get the passcode from Duo to register and to access the Guacamole console?

https://guacamole.apache.org/doc/gug/duo-auth.html

I followed the above-mentioned link to register the Guacamole authentication via Duo, but I am
facing this issue when I log in:
“21:09:17.826 [http-bio-8080-exec-2] DEBUG o.a.g.auth.duo.api.DuoService - Duo response is not in correct format”

I have no idea what the "pushinfo" and "autopush" options are - unless you've modified the
Duo code yourself to pay attention to these options, there's no record of them in the Guacamole
documentation, so they will have no effect.

I have not made any modifications to the Duo code, and even after removing the pushinfo and
autopush entries I am facing the same issue. As per the above comment, can you please provide
a link to the exact Guacamole documentation for authenticating the Apache Guacamole console
via Duo, which would be much more helpful for us?

Regards,
Rajesh Mohan

From: vnick [via Apache Guacamole - General/User Mailing List] <ml+s2363388n3880h49@n4.nabble.com>
Sent: Wednesday, August 22, 2018 6:14 PM
To: Rajesh Mohan <Rajesh.Mohan@infosys.com>
Subject: Re: How to authenticate the guacamole Webapp using duo authentication

On Tue, Aug 21, 2018 at 5:17 PM Rajesh Mohan <[hidden email]> wrote:
Hi Team,

I am facing an issue where the Guacamole MFA authentication was not working via the Guacamole
Duo extension.

My requirement is to enable 2-way authentication to take the sessions in Apache Guacamole,
using an AD account, after which Duo verification must be done.

What version of Guacamole are you using?  Are the Guacamole WAR file and extensions all the
same version, and obtained from the same location/build?


But with the below-mentioned guacamole.properties entries, the login was successful up to AD
authentication, but Duo was not able to proceed.

Can you please help us with what needs to be changed/modified for proper authentication?

cat /etc/guacamole/guacamole.properties
guacd-hostname: localhost
guacd-port:    4822

auth-provider:    net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
lib-directory:    /etc/guacamole/extensions/

Both of these options have been removed and have absolutely no effect on functionality.


# LDAP properties
ldap-hostname:           LDAP-HOSTNAME
ldap-port:               389
ldap-encryption-method:  none
ldap-user-base-dn:      dc=*******,dc=com
ldap-search-bind-dn:    CN=*******,OU=SPL,OU=Users,OU=DCM,DC=********,DC=com
ldap-search-bind-password:      ********
ldap-username-attribute: uid

# Guacamole-duo Configuration Properties

duo-api-hostname: ***********************
duo-integration-key: ***********************
duo-secret-key: ***********************
duo-application-key: ***********************
pushinfo:       yes
autopush:       yes

I have no idea what the "pushinfo" and "autopush" options are - unless you've modified the
Duo code yourself to pay attention to these options, there's no record of them in the Guacamole
documentation, so they will have no effect.

Can you also check the Chrome/Firefox/IE developer console while this is happening and see
if there are any errors in it?

-Nick

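The review Nick does by hand in this thread (spotting properties that have no effect) can be scripted. The following is an added example, not part of the thread and not Guacamole project code: a small linter for `guacamole.properties`. It assumes the recognized set is only the property names shown in the thread, that all four `duo-*` properties are required, and that the application key must be at least 40 characters as the Guacamole Duo documentation states; the sample file is constructed.

```python
import re

# Names shown in the thread's guacamole.properties and not disputed there.
# Assumption: this is only the thread's subset, not a release's full list.
KNOWN = {
    "guacd-hostname", "guacd-port", "ldap-hostname", "ldap-port",
    "ldap-encryption-method", "ldap-user-base-dn", "ldap-search-bind-dn",
    "ldap-search-bind-password", "ldap-username-attribute",
    "duo-api-hostname", "duo-integration-key", "duo-secret-key",
    "duo-application-key",
}
REMOVED = {"auth-provider", "lib-directory"}  # "removed" per the thread
DUO_REQUIRED = {k for k in KNOWN if k.startswith("duo-")}

def parse_properties(text):
    """Parse 'key: value' or 'key=value' lines; skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!:=\s][^:=\s]*)\s*[:=]?\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(text):
    """Return sorted (property, finding) pairs for a properties file."""
    p = parse_properties(text)
    out = [(k, "removed, has no effect") for k in p if k in REMOVED]
    out += [(k, "unrecognized, check the documentation")
            for k in p if k not in KNOWN | REMOVED]
    out += [(k, "missing, required for Duo") for k in DUO_REQUIRED - set(p)]
    # Assumption from the Guacamole Duo documentation: at least 40 characters.
    if len(p.get("duo-application-key", "x" * 40)) < 40:
        out.append(("duo-application-key", "shorter than 40 characters"))
    if (p.get("ldap-encryption-method", "none") == "none"
            and "ldap-search-bind-password" in p):
        out.append(("ldap-encryption-method", "bind password sent in clear"))
    return sorted(out)

# Constructed sample modelled on the file in the thread; values are placeholders.
SAMPLE = """\
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
lib-directory: /etc/guacamole/extensions/
ldap-encryption-method: none
ldap-search-bind-password: placeholder
duo-api-hostname: api-XXXXXXXX.example.test
duo-integration-key: PLACEHOLDER
duo-secret-key: PLACEHOLDER
duo-application-key: tooshort
pushinfo: yes
autopush: yes
"""
```

Calling `lint(SAMPLE)` reports the two removed properties, the two unrecognized ones, the short application key, and the cleartext LDAP bind.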