Karsten created GUACAMOLE-1942:
----------------------------------
Summary: First user login with enforced option "password expired"
not working due to sessionproblem
Key: GUACAMOLE-1942
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1942
Project: Guacamole
Issue Type: Bug
Components: guacamole
Affects Versions: 1.5.5
Environment: GUACD-INTRANET-SERVER:
OS: Linux rdg-dev 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
GNU/Linux
GUACD: Guacamole proxy daemon (guacd) version 1.5.5
TOMCAT-DMZ-SERVER:
OS: Linux rdg-dev 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31) x86_64
GNU/Linux
TOMCAT: tomcat9 9.0.43-2~deb11u9 all
Apache Tomcat 9 - Servlet and JSP engine
JAVA: openjdk version "11.0.22" 2024-01-16
OpenJDK Runtime Environment (build 11.0.22+7-post-Debian-1deb11u1)
OpenJDK 64-Bit Server VM (build 11.0.22+7-post-Debian-1deb11u1, mixed
mode, sharing)
Reporter: Karsten
Hello,
for onboarding purpose we set the checkbox „password is expired“ to force new
users to change their initial password to a custom one. We also enforce totp.
Problem since a few versions:
user signs in with initial password a
user forced to change password a to a custom password b
user pairs totp to authenticator
user gets redirected to login panel
login with password a and b not working
Only using incognito or a newly opened browserwindow made it possible to login
with password b - session problem?
Now password b is working but the otp dialog requires confirmation again with
entering totp code (setup window with qr code is shown)
It worked until some versions ago.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
