GUACAMOLE-1289: Modify the Authentication Service to no longer explicitly compare state query string.

extensions/guacamole-auth-duo/pom.xml

@@ -39,9 +39,33 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <enforcer.skip>true</enforcer.skip>
     </properties>
 
+    <dependencyManagement>
+        <dependencies>
+            <!-- Define okhttp version to use everywhere to resolve conflict -->
+            <dependency>
+                <groupId>com.squareup.okhttp3</groupId>
+                <artifactId>okhttp</artifactId>
+                <version>4.9.1</version> <!-- Specify the desired version -->
+            </dependency>
+
+            <!-- Force the use of a consistent version of Kotlin standard library common -->
+            <dependency>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-stdlib-common</artifactId>
+                <version>1.4.10</version>
+            </dependency>
+
+            <dependency>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-stdlib</artifactId>
+                <version>1.4.10</version>
+            </dependency>
+
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
 
        <!-- Guacamole Extension API -->
@@ -79,11 +103,11 @@
             <version>1.1.3</version>
         </dependency>
         
-        <!-- kotlin-stdlib-common -->
+        <!-- spring-web -->
         <dependency>
-            <groupId>org.jetbrains.kotlin</groupId>
-            <artifactId>kotlin-stdlib-common</artifactId>
-            <version>1.4.10</version>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <version>5.3.25</version>
         </dependency>
 
     </dependencies>

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java

@@ -33,6 +33,13 @@ import org.apache.guacamole.net.auth.UserContext;
  */
 public class DuoAuthenticationProvider extends AbstractAuthenticationProvider {
 
+    /**
+     * The unique identifier for this authentication provider. This is used in
+     * various parts of the Guacamole client to distinguish this provider from
+     * others, particularly when multiple authentication providers are used.
+     */
+    public static String PROVIDER_IDENTIFER = "duo";
+
     /**
      * Injector which will manage the object graph of this authentication
      * provider.
@@ -58,7 +65,7 @@ public class DuoAuthenticationProvider extends AbstractAuthenticationProvider {
 
     @Override
     public String getIdentifier() {
-        return "duo";
+        return PROVIDER_IDENTIFER;
     }
 
     @Override

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java

@@ -73,7 +73,6 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
         // Bind Duo-specific services
         bind(ConfigurationService.class);
         bind(UserVerificationService.class);
-        
     }
 
 }

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java

@@ -39,6 +39,7 @@ import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.web.util.UriComponentsBuilder;
 
 /**
  * Service for verifying the identity of a user against Duo.
@@ -51,13 +52,13 @@ public class UserVerificationService {
      * The name of the parameter which Duo will return in it's GET call-back
      * that contains the code that the client will use to generate a token.
      */
-    private static final String DUO_CODE_PARAMETER_NAME = "duo_code";
+    public static final String DUO_CODE_PARAMETER_NAME = "duo_code";
     
     /**
      * The name of the parameter that will be used in the GET call-back that
      * contains the session state.
      */
-    private static final String DUO_STATE_PARAMETER_NAME = "state";
+    public static final String DUO_STATE_PARAMETER_NAME = "state";
     
     /**
      * The value that will be returned in the token if Duo authentication
@@ -101,12 +102,20 @@ public class UserVerificationService {
 
         try {
 
+        String redirectUrl = confService.getRedirectUrl().toString();
+
+        String builtUrl = UriComponentsBuilder
+                .fromUriString(redirectUrl)
+                .queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER)
+                .build()
+                .toUriString();
+
         // Set up the Duo Client
         Client duoClient = new Client.Builder(
                 confService.getClientId(),
                 confService.getClientSecret(),
                 confService.getAPIHostname(),
-                confService.getRedirectUrl().toString())
+                builtUrl)
                 .build();
         
         duoClient.healthCheck();
@@ -133,8 +142,8 @@ public class UserVerificationService {
                             new TranslatableMessage("LOGIN.INFO_DUO_REDIRECT_PENDING")
                     )
                 )),
-                duoState,
-                expirationTimestamp
+                duoState, DuoAuthenticationProvider.PROVIDER_IDENTIFER, 
+                DUO_STATE_PARAMETER_NAME, expirationTimestamp
             );
 
         }