James Muehlner created GUACAMOLE-1780:
-----------------------------------------
Summary: TOTP and SAML auth cannot be used together
Key: GUACAMOLE-1780
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1780
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-saml, guacamole-auth-totp, guacamole-client
Reporter: James Muehlner

An authentication attempt using both the SAML and TOTP auth providers together
cannot succeed. Depending on the order that the extensions are loaded, the
behavior may be an infinite loop between SAML provider redirects and TOTP
codes, or the login attempt will just fail after both factors are provided.

The problem seems to be that both SAML and TOTP have replay attack prevention
in place - meaning that after the SAML response is accepted, and the TOTP
prompt is submitted, the original SAML response is no longer valid.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
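
A minimal model of the interaction described in the issue, added here as an illustration and not taken from Guacamole's code. The classes, request fields, status strings and the `pending_token` approach are all assumptions: `login_stateless` re-validates the single-use SAML response on the TOTP submission and fails, while `login_with_pending` verifies it once and tracks the half-finished attempt with a server-issued token.

```python
import secrets

class ReplayError(Exception):
    """Raised when a single-use credential is presented a second time."""

class SamlFactor:
    """Constructed model: each SAML response ID is accepted exactly once."""
    def __init__(self):
        self.seen = set()
    def verify(self, request):
        rid = request.get("saml_response_id")
        if rid is None or rid in self.seen:
            raise ReplayError(f"SAML response {rid!r} missing or already used")
        self.seen.add(rid)
        return request["saml_user"]

class TotpFactor:
    """Constructed model: a fixed valid code that is also single-use per user."""
    def __init__(self, valid_code):
        self.valid_code, self.seen = valid_code, set()
    def verify(self, user, request):
        code = request.get("totp")
        if code is None:
            return "NEED_TOTP"
        if code != self.valid_code or (user, code) in self.seen:
            return "DENIED"
        self.seen.add((user, code))
        return "OK"

def login_stateless(saml, totp, request):
    """Every request re-validates factor 1, so the TOTP submission replays it."""
    try:
        user = saml.verify(request)
    except ReplayError:
        return "DENIED"
    return totp.verify(user, request)

def login_with_pending(saml, totp, pending, request):
    """Assumed alternative: factor 1 is verified once, then tracked by a token."""
    token = request.get("pending_token")
    try:
        user = pending[token] if token in pending else saml.verify(request)
    except ReplayError:
        return "DENIED", None
    if token not in pending:
        token = secrets.token_urlsafe(16)  # server-issued, unguessable
        pending[token] = user              # a real system would also expire this
    status = totp.verify(user, request)
    if status != "NEED_TOTP":
        del pending[token]
    return status, token
```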