I noticed there is a way to pass the username/password through to NLA and RDP connections to create a SSO like experience. It looks like I could use the variables GUAC_USERNAME and GUAC_PASSWORD. ( or something like that).
I'm using PrivacyIdea (fork of linotp) to handle my OTP requirements backed by ldap. So to signing, Id use username and password+OTP. Looking something like this. 'john.doe' 'secret123456'
This would get passed to NLA/RDP as "secret123456", which will not work. Most radius/otp solutions will allow you to add the OTP at the front or end of the PIN (password). Is there a way to pass this through while dropping the OTP? Perhaps creating a configuration option that could drop the "front or end by # character"?