Currently, Guacamole's authentication extensions will explicitly fail with exceptions when upstream server expectations fail, such as when the LDAP server goes down, the MySQL / PostgreSQL database becomes unavailable, etc. If this happens, processing of other extensions halts (as any exception aborts the authentication process), and it becomes impossible to log into Guacamole until the problem is resolved.
While it made sense for LDAP and other extensions to abort authentication entirely in such cases back when Guacamole could only use one authentication mechanism at a time, there is no need for this to still be the case. Servers with multiple authentication mechanisms enabled should be able to rely on the remaining mechanisms to succeed if one mechanism goes down.
- Multi-factor authentication extensions (currently Duo and TOTP) should always either 100% work or block authentication entirely (failure of the secondary authentication factor shouldn't result in the removal of that factor, as that would present a security problem).
- If configured to do so, normal authentication extensions (LDAP, MySQL, PostgreSQL, etc.) should log failures but otherwise behave as if the extension is not installed, thus allowing other authentication mechanisms to continue working. If not configured in this way, Guacamole's existing all-or-nothing behavior should continue as the safe default.
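
The two rules above can be modelled as a small authentication chain. This is an added sketch, not Guacamole's code: `Provider`, `Check`, `skipOnError` and `login` are hypothetical names, and the upstream services are constructed stand-ins.

```java
import java.util.List;

public class AuthChainDemo {
    /** Hypothetical model of one extension; not Guacamole's AuthenticationProvider API. */
    interface Check { boolean accepts(String user) throws Exception; }
    record Provider(String name, boolean secondFactor, boolean skipOnError, Check check) {}

    static boolean login(String user, List<Provider> chain) {
        boolean identified = false;
        for (Provider p : chain) {
            // A second factor is never skippable, whatever its configuration says.
            boolean tolerated = p.skipOnError() && !p.secondFactor();
            try {
                boolean ok = p.check().accepts(user);
                if (p.secondFactor() && !ok) return false;       // factor rejected: deny
                if (!p.secondFactor() && ok) identified = true;  // a primary extension vouched for the user
            } catch (Exception e) {
                System.out.println("WARN " + p.name() + " unavailable: " + e.getMessage());
                if (!tolerated) return false;  // safe default: abort the whole attempt
                // Tolerated: continue as if this extension were not installed.
            }
        }
        return identified;  // a skipped extension never counts as a success
    }

    public static void main(String[] args) {
        // Constructed stand-ins for upstream services.
        Check ldapDown = u -> { throw new Exception("LDAP server unreachable"); };
        Check dbKnowsAlice = u -> u.equals("alice");
        Check totpOk = u -> true;
        Check totpDown = u -> { throw new Exception("TOTP check failed to run"); };

        Provider mysql = new Provider("mysql", false, false, dbKnowsAlice);
        Provider strictLdap = new Provider("ldap", false, false, ldapDown);
        Provider lenientLdap = new Provider("ldap", false, true, ldapDown);

        System.out.println("default, LDAP down:       " + login("alice", List.of(strictLdap, mysql)));
        System.out.println("skip-on-error, LDAP down: " + login("alice", List.of(lenientLdap, mysql)));
        System.out.println("only LDAP, skipped:       " + login("alice", List.of(lenientLdap)));
        // Even if someone sets skipOnError on a second factor, its outage blocks login.
        System.out.println("TOTP down:                " + login("alice",
                List.of(lenientLdap, mysql, new Provider("totp", true, true, totpDown))));
        System.out.println("TOTP ok:                  " + login("alice",
                List.of(lenientLdap, mysql, new Provider("totp", true, false, totpOk))));
    }
}
```

The third case is the one to check in any real implementation: when the only primary extension is skipped, the result must be a denial, not an unauthenticated pass-through.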