[GUACAMOLE-1855] Allow MFA to be bypassed or enforced based on client IP - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: In Progress
Priority: Trivial
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 1.6.0
Component/s: Documentation, guacamole-auth-duo, guacamole-auth-totp
Labels:
None

Description

There are situations where it may be desirable to host a single Guacamole Client instance that provides services to users who are accessing the system via a direct Internet connection, and, at the same time, users who are logging in from "inside" a network - either at a dedicate an office, or through a VPN, where the MFA requirement has already been enforced.

I'm proposing adding options for the Duo and TOTP modules that allow for either bypassing the MFA requirement for users logging in via a list of hosts, or, alternatively, explicitly specifying the hosts from which logins would require MFA, and not requiring it from other hosts.

Pull request to come.

Attachments

Activity

People

Assignee:: Nick Couchman

Reporter:: Nick Couchman

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Sep/23 23:19

Updated:: 01/Apr/24 15:18