[ https://issues.apache.org/jira/browse/GUACAMOLE-1955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17853309#comment-17853309 ]
scpcom commented on GUACAMOLE-1955:
-----------------------------------

I created an independent extension now:
[https://github.com/scpcom/guacamole-client/tree/guacamole-auth-privacyidea-push-totp/extensions/guacamole-auth-privacyidea]

The code is based on guacamole-auth-totp and my work above.

Currently it provides Push Authentication and TOTP managed and checked by privacyIDEA.

Todo:
* UI improvements like
** automatically continue the login if the user accepted the push auth
** maybe let the user choose the auth type or allow the admin to force a default method via guacamole web if
* Add an option to set a privileged privacyIDEA user in guacamole.properties: This would make it possible
** to get a QR code from privacyIDEA and show it to the user on first login.
** to migrate the TOTP keys from guacamole db to privacyIDEA
** Remove the unused totp generator

> Auth extension for privacyIDEA push two-factor authentication
> -------------------------------------------------------------
>
>                 Key: GUACAMOLE-1955
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1955
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-client
>            Reporter: scpcom
>            Priority: Major
>
> With privacyIDEA you can implement push two-factor authentication on your own server.
> I would like to add this as an auth extension for guacamole.
> The implementation may be quite simple. Here is a demonstration of how it works with curl.
> First the server (guacamole) tells privacyIDEA to ask the user jon.doe to accept the login on the mobile device:
> {code:java}
> transaction_id=`curl -k --silent --request POST --data "realm=defrealm&user=jon.doe&pass=" https://myprivacyidea.example/validate/check | jq .detail.transaction_id | cut -d '"' -f 2`
> {code}
> Next the server (guacamole) has to wait until the result of this request is "ACCEPT"
> {code:java}
> curl -k --silent --request GET --data "transaction_id=$transaction_id" https://myprivacyidea.example/validate/polltransaction | jq .result.authentication
> {code}
> You can find a Java example on the official java-client here:
> [https://github.com/privacyidea/java-client/blob/master/src/test/java/org/privacyidea/TestPollTransaction.java]
> I tried to modify a copy of extensions/guacamole-auth-duo and extensions/guacamole-auth-totp to understand how to implement it but did not have success yet.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
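
The wait step from the issue description, as an added example that is not part of the original message or of the extension's code: a bounded poll of /validate/polltransaction that treats anything other than "ACCEPT" as a denial and leaves certificate verification on. PI_URL, POLL_INTERVAL, POLL_ATTEMPTS and both function names are assumptions made for this example.

```sh
# Added example, not from the issue or the extension. PI_URL, POLL_INTERVAL,
# POLL_ATTEMPTS and both function names are assumed for this illustration.
PI_URL="${PI_URL:-https://myprivacyidea.example}"
POLL_INTERVAL="${POLL_INTERVAL:-2}"    # seconds between polls
POLL_ATTEMPTS="${POLL_ATTEMPTS:-30}"   # upper bound on the number of polls

# Print .result.authentication for one transaction. No -k here, so the
# server certificate is verified; --get sends the id in the query string.
fetch_status() {
    curl --silent --fail --max-time 10 --get \
         --data-urlencode "transaction_id=$1" \
         "$PI_URL/validate/polltransaction" | jq -r '.result.authentication'
}

# Exit status: 0 accepted, 1 not accepted in time, 2 no usable transaction id.
wait_for_push() {
    wfp_id="$1"
    wfp_try=0
    # The jq | cut extraction in the issue yields the literal string "null"
    # when the response carries no transaction_id, so reject that as well.
    if [ -z "$wfp_id" ] || [ "$wfp_id" = "null" ]; then
        return 2
    fi
    while [ "$wfp_try" -lt "$POLL_ATTEMPTS" ]; do
        # A failed request or an unparsable reply leaves the status empty,
        # which is handled like any other non-ACCEPT value.
        wfp_status="$(fetch_status "$wfp_id")" || wfp_status=""
        if [ "$wfp_status" = "ACCEPT" ]; then
            return 0
        fi
        wfp_try=$((wfp_try + 1))
        sleep "$POLL_INTERVAL"
    done
    return 1
}
```

A caller would run `wait_for_push "$transaction_id"` after the /validate/check request and complete the login only on exit status 0.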