Yes. On Tuesday, July 1st, 2025 at 12:42, marki <[email protected]> wrote:
> You mean TOTP? > > El 1 de julio de 2025 9:34:28 CEST, [email protected] > escribió: > >> Hi, >> >> When activating SSO and having set up TOPT for the admin account, signing-in >> with SSO brings up a TOPT loginscreen from guacamole which cannot be >> completed, due to the admin account although having TOPT, that's a different >> user, so it did not work to complete TOPT for an SSO User. >> >> I already reported this problem a while ago and got confirmation that this >> should already be fixed and released with 1.6.0 sadly it's still not working >> :/ >> >> Looking further in jira it seems to be that only SAML has been fixed. >> https://www.mail-archive.com/[email protected]/msg13233.html >> >> or am I missing any new config options, that I have overlooked in release >> announcements? >> >> It would be really nice to be able to have the admin Account secured with >> TOPT and still have SSO users. >> >> My guacamole properties for OIDC setup: >> ``` >> openid-authorization-endpoint: >> https://auth.mydomain.dev/application/o/authorize/ >> openid-client-id: XXXXX >> openid-issuer: https://auth.mydomain.dev/application/o/guacamole/ >> openid-jwks-endpoint: https://auth.mydomain.dev/application/o/guacamole/jwks/ >> openid-redirect-uri: https://guac.mydomain.dev/guacamole >> openid-scope: openid email profile >> openid-username-claim-type: preferred_usernameextension-priority: *, openid >> ``` >> I'd be happy to provide logs, but using >> ``` >> systemctl stop guacd >> /usr/local/sbin/guacd -L debug -f >> ``` >> does not bring up any logs during sign-in. >> >> Let me know if this can be fixed in a similar way than SAML or if I should >> request and Account and report this on jira. >> >> - Tobias >> >> Sent with [Proton Mail](https://pr.tn/ref/BTTM5JG4EZEG) secure email.
