[
https://issues.apache.org/jira/browse/GUACAMOLE-2105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Melvin Schmidt updated GUACAMOLE-2105:
--------------------------------------
Description:
We are currently experiencing a reproducible issue with Apache Guacamole
version 1.6.0 running on Debian 12 when creating new users. The login and TOTP
setup flow appears to be broken. The following sequence of events describes the
problem:
# A new user is created via the Guacamole admin interface.
# The user logs in for the first time and is prompted to set a new password.
# After setting the new password, the user is prompted to configure TOTP
(two-factor authentication).
# Once the TOTP setup is complete, there is a login error, and the user ist
redirected to the login page.
# Upon entering the newly set password the login fails with a “Verification
failed” error.
# After this failed login, the page results in a state where no login (for any
user) is possible.
# Only after reloading again and logging in with the newly set password is
possible.
# The user is prompted to set up TOTP again – the previously configured TOTP
is no longer valid.
# After the second TOTP setup, the user can log in successfully, and the
system behaves as expected from that point onward.
We would appreciate any guidance on how to resolve this issue or if this is a
known bug in version 1.6.0.
Thank you!
was:
We are currently experiencing a reproducible issue with Apache Guacamole
version 1.6.0 running on Debian 12 when creating new users. The login and TOTP
setup flow appears to be broken. The following sequence of events describes the
problem:
# A new user is created via the Guacamole admin interface.
# The user logs in for the first time and is prompted to set a new password.
# After setting the new password, the user is prompted to configure TOTP
(two-factor authentication).
# Once the TOTP setup is complete, there is a login error, and the user ist
redirected to the login page.
# Upon entering the newly set password the login fails with a “Verification
failed” error.
# After this failed login, the page results in a state where no login (for any
user) is possible.
# Only after reloading again and logging in with the newly set password is
possible.
# The user is prompted to set up TOTP again – the previously configured TOTP
is no longer valid.
# After the second TOTP setup, the user can log in successfully, and the
system behaves as expected from that point onward.
We would appreciate any guidance on how to resolve this issue or if this is a
known bug in version 1.6.0.
Thank you!
> Issue with New User Login – TOTP Setup Causes Initial Login Failure in
> Guacamole 1.6.0 (Debian 12)
> --------------------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-2105
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2105
> Project: Guacamole
> Issue Type: Bug
> Affects Versions: 1.6.0
> Environment: Linux Debian 12
> Reporter: Melvin Schmidt
> Priority: Major
>
> We are currently experiencing a reproducible issue with Apache Guacamole
> version 1.6.0 running on Debian 12 when creating new users. The login and
> TOTP setup flow appears to be broken. The following sequence of events
> describes the problem:
> # A new user is created via the Guacamole admin interface.
> # The user logs in for the first time and is prompted to set a new password.
> # After setting the new password, the user is prompted to configure TOTP
> (two-factor authentication).
> # Once the TOTP setup is complete, there is a login error, and the user ist
> redirected to the login page.
> # Upon entering the newly set password the login fails with a “Verification
> failed” error.
> # After this failed login, the page results in a state where no login (for
> any user) is possible.
> # Only after reloading again and logging in with the newly set password is
> possible.
> # The user is prompted to set up TOTP again – the previously configured TOTP
> is no longer valid.
> # After the second TOTP setup, the user can log in successfully, and the
> system behaves as expected from that point onward.
> We would appreciate any guidance on how to resolve this issue or if this is a
> known bug in version 1.6.0.
> Thank you!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
