Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1233

Add UI support for TOTP resets

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 1.1.0, 1.2.0
    • None
    • guacamole-auth-totp, guacamole-client
    • None

    Description

      Currently there is no functionality in the UI to reset a user's TOTP enrollment. If a user changes devices or uninstalls the TOTP application from their phone etc., Guacamole administrators have no UI for clearing the TOTP secret from the database so users can re-enroll. In a larger deployment this is of course a significant support scenario and a supportability concern as no UI for it exists.

       

      Ideally the "edit user" page should contain a button such as "Reset TOTP" that would allow an administrator to clear the user's TOTP enrollment from the guacamole_user_attribute table.

       

      My personal solution to this issue was a bash script that directly executes SQL against the Guacamole database (which obviously requires shell access to the database server) and a custom web server/-ice that provides a web interface to do the same with LDAP (AD) integrated login (as I can't write Java I couldn't implement this directly into Guacamole).

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. GUACAMOLE-770 Allow for clearing TOTP Data in Admin Interface

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              jootuom Joonas Tuomisto
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: