James Muehlner created GUACAMOLE-1780:
-----------------------------------------

             Summary: TOTP and SAML auth cannot be used together
                 Key: GUACAMOLE-1780
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1780
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole-auth-saml, guacamole-auth-totp, guacamole-client
            Reporter: James Muehlner


An authentication attempt using both the SAML and TOTP auth providers together cannot succeed. Depending on the order that the extensions are loaded, the behavior may be an infinite loop between SAML provider redirects and TOTP codes, or the login attempt will just fail after both factors are provided.

The problem seems to be that both SAML and TOTP have replay attack preventions in place - meaning that after the SAML response is accepted, and the TOTP prompt is submitted, the original SAML response is no longer valid.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
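
A simplified model of the interaction described in the report, as an added example that is not part of the original message and is not Guacamole code. It assumes every login request re-runs each provider against the credentials submitted so far; all class and function names are hypothetical, and the pending-state variant is one possible way to keep both replay checks, not the project's fix.

```python
# Constructed model: two providers, each with its own replay prevention.

class ReplayError(Exception):
    pass

class SamlProvider:
    """Accepts each SAML response ID exactly once."""
    def __init__(self):
        self.seen_ids = set()

    def validate(self, response_id):
        if response_id in self.seen_ids:
            raise ReplayError(f"SAML response {response_id} already used")
        self.seen_ids.add(response_id)
        return "alice"  # constructed identity asserted by the IdP

class TotpProvider:
    """Accepts each TOTP code exactly once per user."""
    def __init__(self, valid_code):
        self.valid_code = valid_code
        self.used = set()

    def validate(self, user, code):
        if code is None:
            return "NEED_TOTP"  # prompt the user for the second factor
        if code != self.valid_code or (user, code) in self.used:
            raise ReplayError("TOTP code rejected")
        self.used.add((user, code))
        return "OK"

def login_revalidating(saml, totp, response_id, code=None):
    """Assumed flow: each request validates SAML again, then TOTP."""
    user = saml.validate(response_id)  # second request fails here
    return totp.validate(user, code)

def login_with_pending_state(saml, totp, pending, response_id, code=None):
    """Variant: the accepted SAML result is held server-side until TOTP
    completes. Keyed by response ID for brevity; a real design would key
    on a server-issued session token."""
    if response_id not in pending:
        pending[response_id] = saml.validate(response_id)
    result = totp.validate(pending[response_id], code)
    if result == "OK":
        del pending[response_id]  # finished logins cannot be resumed
    return result
```

In the first flow the TOTP submission can never succeed, because the request that carries the code also carries the already-consumed SAML response; in the variant both replay checks still reject a resubmission after the login completes.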