[
https://issues.apache.org/jira/browse/GUACAMOLE-1955?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17850514#comment-17850514
]
scpcom commented on GUACAMOLE-1955:
-----------------------------------
I implemented a first functional draft here:
[https://github.com/scpcom/guacamole-client/tree/guacamole-auth-totp-privacyidea-push]
It is not a separate extension yet, just added it to totp.
Before you can compile it you must add the privacyidea-java-client to your
local repository:
cd ~
mkdir privacyidea-java-client-v1.2.2
cd privacyidea-java-client-v1.2.2
wget -N
https://github.com/privacyidea/java-client/releases/download/v1.2.2/privacyidea-java-client-v1.2.2.jar
wget -N https://raw.githubusercontent.com/privacyidea/privacyidea/v3.9.3/LICENSE
mvn install:install-file \
-Dfile=privacyidea-java-client-v1.2.2.jar \
-DgroupId=org.privacyidea \
-DartifactId=privacyidea-java-client \
-Dversion=1.2.2 \
-Dpackaging=jar \
-DgeneratePom=true
cd ..
I did not find out how to add the privacyidea-java-client license information
to guacamole-client. For the test you can disable the check in the
guacamole-client build config:
sed -i
's|<ignoreLicenseErrors>false</ignoreLicenseErrors>|<ignoreLicenseErrors>true</ignoreLicenseErrors>|g'
pom.xml
Once you added the extension to your guacamole instance you can add your
privacyIDEA server to guacamole.properties:
{code:java}
privacyidea-host: https://myprivacyidea.example{code}
If the user gets asked for the OTP and leaves the field empty, a push
confirmation is requested instead.
> Auth extension for privacyIDEA push two-factor authentication
> -------------------------------------------------------------
>
> Key: GUACAMOLE-1955
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1955
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client
> Reporter: scpcom
> Priority: Major
>
> With privacyIDEA you can implement push two-factor authentication on your own
> server.
> I would like to add this as auth extension for guacamole.
> The implementation may be quite simple. Here is a demonstration how it works
> with curl.
> First the server (guacamole) tells privacyIDEA to ask the user jon.doe to
> accept the login on the mobile device:
> {code:java}
> transaction_id=`curl -k --silent --request POST --data
> "realm=defrealm&user=jon.doe&pass="
> https://myprivacyidea.example/validate/check | jq .detail.transaction_id |
> cut -d '"' -f 2`{code}
> Next the server (guacamole) has to wait until the result of this request is
> "ACCEPT"
> {code:java}
> curl -k --silent --request GET --data "transaction_id=$transaction_id"
> https://myprivacyidea.example/validate/polltransaction | jq
> .result.authentication{code}
> You can find a Java example on the official java-client here:
> [https://github.com/privacyidea/java-client/blob/master/src/test/java/org/privacyidea/TestPollTransaction.java]
> I tried to modify a copy of extensions/guacamole-auth-duo and
> extensions/guacamole-auth-totp to understand how to implement it but did not
> have success yet.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
