TOTP Configuration Properties
Advanced configuration properties for TOTP 2FA
The properties listed here are only applicable if TOTP is being used as an additional authentication factor. Support for TOTP is installed using thekcm-guacamole-auth-totp package. If using the keeper/guacamole Docker image, support for TOTP is instead configured using environment variables.

TOTP issuer details

A human readable name must be associated with generated keys such that the user enrolling their authentication device will be able to easily distinguish the code they should use for this application vs. the other applications that same authentication device may be used for. This value does not affect the key generated nor handling of received codes; it only serves as a reference for the user.
Property name
Default value
Description
totp-issuer
Apache Guacamole
The human-readable name of the entity issuing user accounts.

TOTP code generation

Most authentication devices supporting TOTP use 6-digit codes, a code period of 30 seconds, and the SHA-1 hash algorithm. These values are used as the defaults for code generation. If your requirements differ, these default values may be overridden.
Property name
Default value
Description
totp-digits
6
The number of digits which should be included in each generated code. TOTP allows for 6-, 7-, or 8-digit codes. Longer or shorter codes than this are not possible as they violate the TOTP standard.
totp-period
30
The duration that each generated code should remain valid, in seconds. The code generation period is given in positive integer seconds and may be any value, however the value should be long enough to allow the user a reasonable amount of time to enter their code. Their authentication device will generate a new code after this period elapses.
totp-mode
sha1
The hash algorithm that should be used to generate codes. Valid TOTP modes (hashes) are:
  • sha1
  • sha256
  • sha512
Before selecting a value which differs from the default (sha1), be sure to verify that your authentication devices support that hash.
Export as PDF
Copy link
On this page
TOTP issuer details
TOTP code generation