diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
index c50e1039de..2b5e5d0b27 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
@@ -41,6 +41,11 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
 * module has configured injection.
 */
 private final AuthenticationProvider authProvider;
+
+ /**
+ * The session manager that stores authentication attempts.
+ */
+ private final DuoAuthenticationSessionManager authSessionManager;
 /**
 * Creates a new Duo authentication provider module which configures
@@ -61,6 +66,9 @@ public DuoAuthenticationProviderModule(AuthenticationProvider authProvider)
 // Store associated auth provider
 this.authProvider = authProvider;
+
+ // Create a new session manager
+ this.authSessionManager = new DuoAuthenticationSessionManager();
 }
@@ -72,9 +80,10 @@ protected void configure() {
 bind(Environment.class).toInstance(environment);
 // Bind Duo-specific services
+ bind(DuoAuthenticationSessionManager.class).toInstance(authSessionManager);
 bind(ConfigurationService.class);
 bind(UserVerificationService.class);
- bind(DuoAuthenticationSessionManager.class);
+
 }
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
index 7ac16d51a0..d38a4c6c62 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
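Review bot: The new `bind(DuoAuthenticationSessionManager.class).toInstance(authSessionManager);` in configure() does not say why the manager has to be one shared instance, and the constructor comment `// Create a new session manager` only restates the code. Since the attempt stored by defer() must be found again by resume() on the callback request, I would state that at the binding, e.g. `// Single shared instance: resume() must see the sessions that defer() stored`. If DuoAuthenticationSessionManager owns a cleanup thread or executor (not visible in this diff), the module-owned instance also has to be shut down together with the provider. The whitespace-only `+` line added before the closing brace of configure() can be dropped.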
@@ -37,12 +37,16 @@
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 /**
 * Service for verifying the identity of a user against Duo.
 */
 public class UserVerificationService {
+ private static final Logger LOGGER = LoggerFactory.getLogger(UserVerificationService.class);
+
 /**
 * The name of the parameter which Duo will return in it's GET call-back
 * that contains the code that the client will use to generate a token.
@@ -124,6 +128,7 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
 // Get a new session state from the Duo client
 duoState = duoClient.generateState();
+ LOGGER.debug(">>> DUO <<< STATE DEFER: {}", duoState);
 // Add this session
 duoSessionManager.defer(new DuoAuthenticationSession(confService.getAuthTimeout(), duoState, username), duoState);
@@ -142,9 +147,13 @@ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
 );
 }
+
+ LOGGER.debug(">>> DUO <<< STATE RESUME: {}", duoState);
 // Retrieve the deferred authenticaiton attempt
 DuoAuthenticationSession duoSession = duoSessionManager.resume(duoState);
+ if (duoSession == null)
+ throw new GuacamoleServerException("Failed to resume Duo authentication session.");
 // Get the token from the DuoClient using the code and username, and check status
 Token token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, duoSession.getUsername());
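Review bot: The added `LOGGER.debug(">>> DUO <<< STATE DEFER: {}", duoState);` writes the raw Duo state to the log, and the same happens with the `STATE RESUME` line in the following hunk. That value is the key under which the pending authentication session is stored by defer(), so it should not appear in log files that may be shipped or read more widely than the server itself. Both lines read like leftover debugging; I would remove them, or log the event without the state, e.g. `LOGGER.debug("Deferred Duo authentication for user \"{}\".", username);`. The body of verifyAuthenticatedUser starts and ends outside this hunk.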
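Review bot: The null check added after resume() reports an unknown or expired state as `GuacamoleServerException`, although this is the expected outcome when the callback arrives after the auth timeout or carries a state this server never stored. I would treat it as a failed authentication rather than a server fault, e.g. `throw new GuacamoleInvalidCredentialsException("Duo authentication session is invalid or has expired.", CredentialsInfo.USERNAME_PASSWORD);` (needs its import), and log the rejection without the state value so that repeated unknown-state callbacks are visible to operators. The unbraced two-line `if` should get braces, since a statement added later would silently fall outside the guard. The method body starts and ends outside this hunk.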