safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-27 15:13:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1289: Migrate to minute-granularity timeouts for Duo (default of 5 minutes).

Browse Source
This commit is contained in:
Michael Jumper
2024-04-25 16:18:33 -07:00
parent 23ed76d460
commit 3859fd2f1c
2 changed files with 16 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
View File

@@ -151,7 +151,7 @@ public class UserVerificationService {
// GUAC_PASSWORD tokens continue to work as expected despite the // GUAC_PASSWORD tokens continue to work as expected despite the
// redirect to/from the external Duo service) // redirect to/from the external Duo service)
duoState = duoClient.generateState(); duoState = duoClient.generateState();
long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthTimeout() * 1000L); long expirationTimestamp = System.currentTimeMillis() + (confService.getAuthenticationTimeout() * 60000L);
sessionManager.defer(new DuoAuthenticationSession(credentials, expirationTimestamp), duoState); sessionManager.defer(new DuoAuthenticationSession(credentials, expirationTimestamp), duoState);
// Obtain authentication URL from Duo client // Obtain authentication URL from Duo client

27
extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/conf/ConfigurationService.java
View File

@@ -94,7 +94,7 @@ public class ConfigurationService {
}; };
/** /**
* The property that configures the timeout, in seconds, of in-progress * The property that configures the timeout, in minutes, of in-progress
* Duo authentication attempts. Authentication attempts that take longer * Duo authentication attempts. Authentication attempts that take longer
* than this period of time will be invalidated. * than this period of time will be invalidated.
*/ */
@@ -170,20 +170,23 @@ public class ConfigurationService {
public URI getRedirectUri() throws GuacamoleException { public URI getRedirectUri() throws GuacamoleException {
return environment.getRequiredProperty(DUO_REDIRECT_URI); return environment.getRequiredProperty(DUO_REDIRECT_URI);
} }
/** /**
* Return the number of seconds after which in-progress authentication attempts with * Returns the maximum amount of time to allow for an in-progress Duo
* Duo should be invalidated. The default is 30 seconds. * authentication attempt to be completed, in minutes. A user that takes
* * longer than this amount of time to complete authentication with Duo
* will need to try again.
*
* @return * @return
* The number of seconds after which in-progress Duo MFA attempts should * The maximum amount of time to allow for an in-progress Duo
* be invalidated. * authentication attempt to be completed, in minutes.
* *
* @throws GuacamoleException * @throws GuacamoleException
* If guacamole.properties cannot be parsed. * If the authentication timeout cannot be parsed.
*/ */
public int getAuthTimeout() throws GuacamoleException { public int getAuthenticationTimeout() throws GuacamoleException {
return environment.getProperty(DUO_AUTH_TIMEOUT, 30); return environment.getProperty(DUO_AUTH_TIMEOUT, 5);
} }
} }