Nick Couchman created GUACAMOLE-1855:
----------------------------------------
Summary: Allow MFA to be bypassed or enforced based on client IP
Key: GUACAMOLE-1855
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1855
Project: Guacamole
Issue Type: New Feature
Components: Documentation, guacamole-auth-duo, guacamole-auth-totp
Reporter: Nick Couchman
Assignee: Nick Couchman
There are situations where it may be desirable to host a single Guacamole
Client instance that provides services to users who are accessing the system
via a direct Internet connection, and, at the same time, users who are logging
in from "inside" a network - either at a dedicate an office, or through a VPN,
where the MFA requirement has already been enforced.
I'm proposing adding options for the Duo and TOTP modules that allow for either
bypassing the MFA requirement for users logging in via a list of hosts, or,
alternatively, explicitly specifying the hosts from which logins would require
MFA, and not requiring it from other hosts.
Pull request to come.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
