The parameter for the TOTP code is "guac-totp", not "totp".
You can actually see this in the REST responses from Guacamole.
Responses to authentication attempts include a machine-readable list of
the parameters expected under the circumstances. This is how Guacamole
knows what fields to present to the user.
You can also see this in practice by looking at the request submitted by
the webapp using your browser's devtools.
- Mike
On 9/10/24 1:44 AM, Joshi, Sandeep wrote:
Hi Team,
I am a very new user of Guacamole and I want to log in to the server
via the API (I am using PHP code).
Now for this new user, I can log in manually: give id-pwd - next
screen - give OTP, which I have set up on my
Google Authenticator - login.
Now I can generate this OTP successfully in PHP via the Spomky
library, using the secret key that was
given when I set up Google Authenticator the first time (the secret key
is just below the QR code).
    $totp = \OTPHP\TOTP::create($totpSecret);
    $totpCode = $totp->now();
    echo "the OTP Code is:".$totpCode;
If we run this code and see the OTP on the mobile at the same time,
both are the same!
Now how can I use it to send it for login? The code below simply
fails... It was working when only id-pwd was enabled
on our Guacamole server. But with MFA it fails.
    $url = 'https://<Our Guaca server address>/guacamole/api/tokens';
    $totp = \OTPHP\TOTP::create($totpSecret);
    $totpCode = $totp->now();
    echo "the OTP Code is:".$totpCode;
    $data = [
        'username' => $username,
        'password' => $password,
        'totp' => $totpCode
    ];
    // use key 'http' even if you send the request to https://...
    $options = array(
        'http' => array(
            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
            'method' => 'POST',
            'content' => http_build_query($data)
        )
    );
    $context = stream_context_create($options);
    $result = file_get_contents($url, false, $context);
NOTE: I have seen the website that gives many options for auth like
SAML, Duo etc., but they are for setting up the login
on the server. That part is done and working properly when the user
logs in manually.
Now how to send this via the API?
Has anyone done this successfully? I am okay with Java/PHP/any
other language. Thanks again for your help.
Best regards,
Joshi
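
The approach from the reply at the top of this thread, reading the expected parameter names out of the authentication response instead of guessing them, as an added example (not code from the thread or from the Guacamole project). The sample response is constructed, and its key names "expected" and "name", the two helper functions and the credentials are assumptions for illustration.

```php
<?php
// Constructed sample of the JSON body returned when username/password are
// accepted but another factor is still required. The key names "expected"
// and "name" are assumptions; confirm the real layout in devtools.
$sampleResponse = <<<'JSON'
{
  "message": "Additional credentials required",
  "expected": [ { "name": "guac-totp" } ]
}
JSON;

/** Return the parameter names the server says it still expects. */
function expectedParameters(string $json): array
{
    $body = json_decode($json, true);
    if (!is_array($body) || !is_array($body['expected'] ?? null)) {
        return [];
    }
    $names = [];
    foreach ($body['expected'] as $field) {
        if (is_array($field) && is_string($field['name'] ?? null)) {
            $names[] = $field['name'];
        }
    }
    return $names;
}

/**
 * Build the form body for the follow-up POST: the original credentials plus
 * one value per expected parameter, taken from $suppliers (name => callable).
 */
function buildFollowUpBody(array $credentials, array $expected, array $suppliers): string
{
    foreach ($expected as $name) {
        if (array_key_exists($name, $credentials)) {
            continue; // already supplied in the first request
        }
        if (!isset($suppliers[$name])) {
            throw new RuntimeException("Server expects '$name' but no supplier is configured");
        }
        $credentials[$name] = (string) $suppliers[$name]();
    }
    return http_build_query($credentials);
}

// Constructed credentials and code; in practice the supplier returns $totp->now().
$suppliers = ['guac-totp' => fn () => '123456'];
$expected = expectedParameters($sampleResponse);
echo buildFollowUpBody(['username' => 'alice', 'password' => 'example-password'], $expected, $suppliers), "\n";
```

With file_get_contents, the body of a non-2xx response is only returned when the 'http' context sets 'ignore_errors' => true. A script that holds both the password and the TOTP secret turns the two factors into one stored credential, so keep the secret out of source control and restrict who can read it.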