TOTP Configuration Properties

Advanced configuration properties for TOTP 2FA

The properties listed here are only applicable if TOTP is being used as an additional authentication factor. Support for TOTP is installed using the kcm-guacamole-auth-totp package. If using the keeper/guacamole Docker image, support for TOTP is instead configured using environment variables.

TOTP issuer details

A human readable name must be associated with generated keys such that the user enrolling their authentication device will be able to easily distinguish the code they should use for this application vs. the other applications that same authentication device may be used for. This value does not affect the key generated nor handling of received codes; it only serves as a reference for the user.

totp-issuer
    Default value: Apache Guacamole
    The human-readable name of the entity issuing user accounts.

TOTP code generation

Most authentication devices supporting TOTP use 6-digit codes, a code period of 30 seconds, and the SHA-1 hash algorithm. These values are used as the defaults for code generation. If your requirements differ, these default values may be overridden.

totp-digits
    Default value: 6
    The number of digits which should be included in each generated code. TOTP allows for 6-, 7-, or 8-digit codes. Longer or shorter codes than this are not possible, as they violate the TOTP standard.

totp-period
    Default value: 30
    The duration that each generated code should remain valid, in seconds. The code generation period is given in positive integer seconds and may be any value; however, the value should be long enough to allow the user a reasonable amount of time to enter their code. Their authentication device will generate a new code after this period elapses.

totp-mode
    Default value: sha1
    The hash algorithm that should be used to generate codes. Valid TOTP modes (hashes) are:

      • sha1

      • sha256

      • sha512

    Before selecting a value which differs from the default (sha1), be sure to verify that your authentication devices support that hash.
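To make the effect of totp-digits, totp-period and totp-mode concrete, here is an added Python example (not Guacamole's or the TOTP extension's own code) that implements RFC 6238 TOTP with those three parameters and checks a submitted code with a small drift window; the keys are the RFC 6238 test keys, not values from this page.

```python
import hashlib
import hmac
import struct

# The three code-generation properties on this page map onto these parameters:
# totp-mode -> hash function, totp-digits -> code length, totp-period -> time step.
HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}

# RFC 6238 Appendix B test keys (ASCII digits; 20/32/64 bytes depending on the hash).
RFC_KEYS = {
    "sha1": b"12345678901234567890",
    "sha256": b"12345678901234567890123456789012",
    "sha512": b"1234567890123456789012345678901234567890123456789012345678901234",
}

def hotp(secret: bytes, counter: int, digits: int = 6, mode: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    if not 6 <= digits <= 8:
        raise ValueError("TOTP permits only 6-, 7- or 8-digit codes")
    mac = hmac.new(secret, struct.pack(">Q", counter), HASHES[mode]).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes of the MAC
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, digits: int = 6, period: int = 30, mode: str = "sha1") -> str:
    """RFC 6238 TOTP: the counter is the number of whole periods elapsed since the Unix epoch."""
    if period <= 0:
        raise ValueError("totp-period must be a positive number of seconds")
    return hotp(secret, unix_time // period, digits, mode)

def verify(secret: bytes, code: str, unix_time: int, digits: int = 6, period: int = 30,
           mode: str = "sha1", window: int = 1):
    """Check a submitted code against the current step and up to `window` adjacent steps
    (tolerating clock drift), comparing in constant time. Returns the matching step
    offset (0 = current period) or None if no step matches."""
    step = unix_time // period
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, step + delta, digits, mode), code):
            return delta
    return None

if __name__ == "__main__":
    # At Unix time 59 with a 30-second period the counter is 1; RFC 6238 lists 94287082 for SHA-1.
    for mode, key in RFC_KEYS.items():
        print(mode, totp(key, 59, digits=8, mode=mode))
    # A code minted in step 1 is still accepted one step later, but not with window=0.
    code = totp(RFC_KEYS["sha1"], 59)
    print(verify(RFC_KEYS["sha1"], code, 89), verify(RFC_KEYS["sha1"], code, 89, window=0))
```

Changing totp-period changes which counter value is hashed (time 59 is step 1 at 30 seconds but step 0 at 60 seconds), while changing totp-digits only changes how many low-order digits of the truncated value are kept.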
