GUACAMOLE-1289: Refactor Duo and authentication flow to instead leverage support for updating/replacing credentials. #980
Conversation
|
I'll see if I can throw some backward compatibility in here, too... |
|
It's looking like backward compatibility isn't really possible. Users will simply need to update their Duo config or use an older version of the extension. |
… instead leverage support for updating/replacing credentials prior to auth.
…o dependencies to latest compatible.
…lt of 5 minutes).
…o match the naming style of their corresponding projects.
…ted in failure events.
mike-jumper
force-pushed
the
simplify-auth-resume
branch
from
3788a61
to
4a0e9f3
Compare
…r invalid tokens.
… relative, not absolute.
|
Tested things out and seems to work well! |
There was a problem hiding this comment.
Looks good to me. @jmuehlner or @aleitner, any comments/concerns on this one?
I haven't had time to dig into it yet, but I trust you if you think it's good. |
Having a look now. |
LGTM. Probably worth @aleitner having a look too, as he's the New Duo Guy. |
|
Thanks @jmuehlner. I'll hold off on the merge for a day or two and let @aleitner have a chance to have a look. |
|
I love this. Much simpler and solves the problem my open pr was meant to solve. |
This change builds off and refactors the changes from #966 to instead allow extensions to update (or even replace) the
Credentialsreceived by a user prior to authentication.In the context of Duo, this allows the Duo extension to internally cache and restore the credentials that were originally received prior to redirecting the user to the Duo service, allowing authentication to continue where it left off (and allowing the
${GUAC_USERNAME}and${GUAC_PASSWORD}tokens to continue to work as intended).These changes also switch the
duo-auth-timeoutproperty from seconds (with a default of 30 seconds) to minutes (with a default of 5 minutes). This is in line with the timeout used for SAML and with theAuthenticationSessionManagerclass (which only enforces timeouts within roughly one minute).If acceptable, this is intended to supersede #973 and incorporates the same changes updating/removing old dependencies.