DUO and Guacamole - what's the problem?

Hello,
I integrated our Guacamole server with DUO (using WebSDK application) and entered the 4 fields as mentioned into the guacamole.properties file:

duo-api-hostname: ■■■■■■■■■■■■■■■■■■■■■■■■■
duo-integration-key: THEIKEY
duo-secret-key: THESECRETKEY
duo-application-key: SOMERANDOMKEY

So far so good, but when opening up Guacamole and logging in, the following happens:
The screen shows a message:
Please authenticate with Duo to continue.

It just shows a “Continue” button, nothing else…
Clicking this button throws an error: Duo validation code incorrect.

And I’m stuck in the same loop with the same message “Please authenticate with Duo to continue.” and that button…

I can click as often as I want to, but I never get to the step where I could REALLY authenticate…

What did I do wrong with that integration?

Thanks a lot for your wisdom on this!

Hi @tabbit ,

Would you be able to post screenshots or a video of the issue? The “Please authenticate with Duo” verbiage does not sound like the Duo Prompt being invoked (see Chapter 8. Duo two-factor authentication), either for fully or partially enrolled Duo users.

Also, what version of the WebSDK are you implementing (v2 or v4)?

Thanks!

1 Like

Hi DuoPablo - thanks a lot for your response! Sure, can post you a screen shot here - it comes up directly after entering my user name and password in the login form…
What version of WebSDK, I don’t know - I just followed the instructions from the website you referred to in your post. I also took older versions of the JAR file, same behavior…

In my tests, I found out that the problem only comes up with the Chromium-based “Vivaldi” browser - “Firefox” worked fine.

Thanks a lot for suggestions on this!

1 Like

Thanks tabbit! It looks like Apache packages WebSDKv2 in the JAR, which is fine (via our Java client).

It is good that you were able to narrow it down to the type of browser. While the Duo Prompt itself is not officially supported in Vivaldi, any Chromium-based web browser should be compatible.

Given the static verbiage of the Guacamole message, perhaps something is preventing the iframe from rendering inside of Vivaldi. Do you see successful (200) connections being made to your duo-api-hostname using a HAR capture/logger when attempting to log in via Vivaldi? You might cross-reference a working browser’s HAR network connections to first verify that the Duo Prompt is being invoked.

1 Like

…and here Murphy strikes again… With the latest update of Vivaldi, I don’t face this problem again on any our machines… Please see this topic as closed, as it seems to be fine now… :slight_smile:

Thanks a lot for your support!

1 Like