cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2593
Views
4
Helpful
4
Replies

DUO and Guacamole - what's the problem?

tabbit
Level 1
Level 1

Hello,
I integrated our Guacamole server with DUO (using WebSDK application) and entered the 4 fields as mentioned into the guacamole.properties file:

duo-api-hostname: ■■■■■■■■■■■■■■■■■■■■■■■■■
duo-integration-key: THEIKEY
duo-secret-key: THESECRETKEY
duo-application-key: SOMERANDOMKEY

So far so good, but when opening up Guacamole and logging in, the following happens:
The screen shows a message:
Please authenticate with Duo to continue.

It just shows a “Continue” button, nothing else…
Clicking this button throws an error: Duo validation code incorrect.

And I’m stuck in the same loop with the same message “Please authenticate with Duo to continue.” and that button…

I can click as often as I want to, but I never get to the step where I could REALLY authenticate…

What did I do wrong with that integration?

Thanks a lot for your wisdom on this!

1 Accepted Solution

Accepted Solutions

tabbit
Level 1
Level 1

…and here Murphy strikes again… With the latest update of Vivaldi, I don’t face this problem again on any our machines… Please see this topic as closed, as it seems to be fine now…

Thanks a lot for your support!

View solution in original post

4 Replies 4

DuoPablo
Cisco Employee
Cisco Employee

Hi @tabbit ,

Would you be able to post screenshots or a video of the issue? The “Please authenticate with Duo” verbiage does not sound like the Duo Prompt being invoked (see Chapter 8. Duo two-factor authentication), either for fully or partially enrolled Duo users.

Also, what version of the WebSDK are you implementing (v2 or v4)?

Thanks!

Hi DuoPablo - thanks a lot for your response! Sure, can post you a screen shot here - it comes up directly after entering my user name and password in the login form…
What version of WebSDK, I don’t know - I just followed the instructions from the website you referred to in your post. I also took older versions of the JAR file, same behavior…

In my tests, I found out that the problem only comes up with the Chromium-based “Vivaldi” browser - “Firefox” worked fine.

Thanks a lot for suggestions on this!

Thanks tabbit! It looks like Apache packages WebSDKv2 in the JAR, which is fine (via our Java client).

It is good that you were able to narrow it down to the type of browser. While the Duo Prompt itself is not officially supported in Vivaldi, any Chromium-based web browser should be compatible.

Given the static verbiage of the Guacamole message, perhaps something is preventing the iframe from rendering inside of Vivaldi. Do you see successful (200) connections being made to your duo-api-hostname using a HAR capture/logger when attempting to log in via Vivaldi? You might cross-reference a working browser’s HAR network connections to first verify that the Duo Prompt is being invoked.

tabbit
Level 1
Level 1

…and here Murphy strikes again… With the latest update of Vivaldi, I don’t face this problem again on any our machines… Please see this topic as closed, as it seems to be fine now…

Thanks a lot for your support!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links