GUACAMOLE-1289: Modify the Authentication Service to no longer explicitly compare state query string.

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java

@@ -33,6 +33,13 @@ import org.apache.guacamole.net.auth.UserContext;
  */
 public class DuoAuthenticationProvider extends AbstractAuthenticationProvider {
 
+    /**
+     * The unique identifier for this authentication provider. This is used in
+     * various parts of the Guacamole client to distinguish this provider from
+     * others, particularly when multiple authentication providers are used.
+     */
+    public static String PROVIDER_IDENTIFER = "duo";
+
     /**
      * Injector which will manage the object graph of this authentication
      * provider.
@@ -58,7 +65,7 @@ public class DuoAuthenticationProvider extends AbstractAuthenticationProvider {
 
     @Override
     public String getIdentifier() {
-        return "duo";
+        return PROVIDER_IDENTIFER;
     }
 
     @Override

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java

@@ -73,7 +73,6 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
         // Bind Duo-specific services
         bind(ConfigurationService.class);
         bind(UserVerificationService.class);
-        
     }
 
 }

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java

@@ -39,6 +39,7 @@ import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.web.util.UriComponentsBuilder;
 
 /**
  * Service for verifying the identity of a user against Duo.
@@ -51,13 +52,13 @@ public class UserVerificationService {
      * The name of the parameter which Duo will return in it's GET call-back
      * that contains the code that the client will use to generate a token.
      */
-    private static final String DUO_CODE_PARAMETER_NAME = "duo_code";
+    public static final String DUO_CODE_PARAMETER_NAME = "duo_code";
     
     /**
      * The name of the parameter that will be used in the GET call-back that
      * contains the session state.
      */
-    private static final String DUO_STATE_PARAMETER_NAME = "state";
+    public static final String DUO_STATE_PARAMETER_NAME = "state";
     
     /**
      * The value that will be returned in the token if Duo authentication
@@ -101,12 +102,20 @@ public class UserVerificationService {
 
         try {
 
+        String redirectUrl = confService.getRedirectUrl().toString();
+
+        String builtUrl = UriComponentsBuilder
+                .fromUriString(redirectUrl)
+                .queryParam(Credentials.RESUME_QUERY, DuoAuthenticationProvider.PROVIDER_IDENTIFER)
+                .build()
+                .toUriString();
+
         // Set up the Duo Client
         Client duoClient = new Client.Builder(
                 confService.getClientId(),
                 confService.getClientSecret(),
                 confService.getAPIHostname(),
-                confService.getRedirectUrl().toString())
+                builtUrl)
                 .build();
         
         duoClient.healthCheck();
@@ -133,8 +142,8 @@ public class UserVerificationService {
                             new TranslatableMessage("LOGIN.INFO_DUO_REDIRECT_PENDING")
                     )
                 )),
-                duoState,
-                expirationTimestamp
+                duoState, DuoAuthenticationProvider.PROVIDER_IDENTIFER, 
+                DUO_STATE_PARAMETER_NAME, expirationTimestamp
             );
 
         }