[GUACAMOLE-1762] TOTP does not work when multiple jdbc auth extensions in use - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 1.5.0
Fix Version/s: None
Component/s: guacamole-auth-jdbc, guacamole-auth-totp
Labels:
None

Description

When the TOTP auth extension is used with a JDBC auth extension, a TOTP secret will be generated and stored for each user. However, if multiple different JDBC auth extensions are used simultaneously, a different key will be generated for each, only one of which will be presented in the UI for ingestion into a TOTP phone app or similar.

When attempting to authenticate, only the secret stored in the database that presented the secret in the UI will generate a matching code - the other one will never match, resulting in the auth attempt being rejected.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: James Muehlner

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Apr/23 17:22

Updated:: 03/Apr/23 17:22