[ 
https://issues.apache.org/jira/browse/GUACAMOLE-1878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17784149#comment-17784149
 ] 

Mike Jumper commented on GUACAMOLE-1878:
----------------------------------------

{quote}
As soon as I remove TZ environment variable the TOTP fails (host is GMT+2 btw) 
consistently. Just a thought but maybe it's something further up the validation 
sequence. As in the totp code is validated and the response comes ok but it 
comes "too late" or "too early" if the TZ is wrong?
{quote}

No, the only comparison is whether the code is valid. The authentication device 
and Guacamole use the same algorithm, key, and a rounded timestamp to produce 
an authentication code. If the codes are the same, MFA passes. If not, MFA 
fails. There's no time comparison, and the nature of the timestamp ensures 
timezone is not a factor. The value of the overall system timestamp does not 
vary by the value of {{TZ}}.

There must be some factor contributing to the behavior you're seeing, but it is 
impossible for that behavior to be that the system timezone affects generated 
TOTP codes. That would imply a fairly huge bug in the JVM.

> TOTP Authentication - Add documentation relating to usage with docker
> ---------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1878
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1878
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: Documentation
>            Reporter: Bogdan Tomasciuc
>            Priority: Trivial
>             Fix For: 1.5.4
>
>
> The documentation is missing the actual steps to enable and configure the 
> TOTP extension while using docker. Similarly to the passed environment 
> variables and the documentation about how the image works with other 
> extensions it should also contain a section about configuring and working 
> with the TOTP extension. Through my own trials I have found that enabling the 
> TOTP extension is accomplished by adding the environment variable 
> {{TOTP_ENABLED="true"}}. -But this alone, depending on your timezone, might 
> make the extension work unreliably. To make the codes work reliably the 
> timezone must be set on the containers using the variable TZ as in 
> TZ="Europe/Bucharest".-



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
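
An added example, not part of the original message and not Guacamole's own code: a minimal RFC 6238 TOTP generator (HMAC-SHA1, 30-second step) showing that the "rounded timestamp" is counted from the Unix epoch in UTC, so one instant rendered as local time at different UTC offsets yields the same code. The key and time are the published RFC 6238 Appendix B test values; the function names are chosen here for illustration.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

STEP = 30  # seconds per code, the RFC 6238 default


def time_step(unix_time: int, step: int = STEP) -> int:
    """The 'rounded timestamp': whole steps elapsed since the Unix epoch (UTC)."""
    return unix_time // step


def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP (RFC 4226) over the time step."""
    msg = struct.pack(">Q", time_step(unix_time))
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes_by_zone(key: bytes, unix_time: int, utc_offsets_hours, digits: int = 6):
    """Render one instant as local wall-clock time in several zones, then
    generate a code from each rendering. Returns {iso_local_time: code}."""
    out = {}
    for hours in utc_offsets_hours:
        local = datetime.fromtimestamp(unix_time, timezone(timedelta(hours=hours)))
        # .timestamp() folds the UTC offset back out, giving the same epoch value
        out[local.isoformat()] = totp(key, int(local.timestamp()), digits)
    return out


# Constructed inputs: the published RFC 6238 Appendix B SHA-1 test key and time.
RFC_KEY = b"12345678901234567890"
RFC_TIME = 1234567890

if __name__ == "__main__":
    for local, code in codes_by_zone(RFC_KEY, RFC_TIME, [0, 2, -8], 8).items():
        print(local, code)
    # A clock that is actually wrong by two hours is a different matter:
    skew = time_step(RFC_TIME + 7200) - time_step(RFC_TIME)
    print("steps apart with a 2 h clock error:", skew)
```

The three local renderings differ only in their displayed offset; the epoch value, the time step and the code are identical.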
