We're using Guacamole Auth ldap and then map returned groups with existing mysql groups to assign profiles.
Now, we want to ask for TOTP to our central server that is reachable by radius.
So, I have enabled auth-jdbc, auth-ldap and auth-radius
With username+pass (ldap), I access to my AD group profile.
With username+otp or username+pass+otp (radius), I have an empty profile because no groups are returned by radius.
Is it possible to force a second auth after LDAP (returning GuacamoleInsufficientCredentialsException) so that we can ask for OTP after LDAP.
Guacamole TOTP is great but not centralized and I don't want to ask my users to register a new Token for each application.
Thanks a lot for this great product