I am using Guacamole 1.3.0 with auth-pam-1.0.0.jar and the unix-user-mapping.xml file. This is working mostly brilliantly with FreeIPA and the guacamole server as ipaclient with sssd. Thank you!
In FreeIPA you can authenticate with OTP by filling in password+otp in the password field. When I login with an user that does not have OTP enabled in FreeIPA Guacamole is showing the connection list perfectly and works as expected. When I login with an user that has OTP enabled and login with the password+otp system, then I get a login without any connections shown.....

[2021-04-23 22:53:34] [info] 22:53:34.828 [http-nio-8080-exec-1] INFO o.a.g.r.auth.AuthenticationService - User "l.gaga" successfully authenticated from [80.127.158.83, 192.168.40.29].
[2021-04-23 22:53:36] [info] 22:53:36.637 [http-nio-8080-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Login was successful for user "l.gaga".
[2021-04-23 22:53:36] [info] 22:53:36.718 [http-nio-8080-exec-4] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Session not associated with authentication provider "pam".
Would it be possible to update the pam module to support a password+otp login?
I am using Guacamole 1.3.0 with auth-pam-1.0.0.jar and the unix-user-mapping.xml file. This is working mostly brilliantly with FreeIPA and the guacamole server as ipaclient with sssd. Thank you!
In FreeIPA you can authenticate with OTP by filling in password+otp in the password field. When I login with an user that does not have OTP enabled in FreeIPA Guacamole is showing the connection list perfectly and works as expected. When I login with an user that has OTP enabled and login with the password+otp system, then I get a login without any connections shown.....

[2021-04-23 22:53:34] [info] 22:53:34.828 [http-nio-8080-exec-1] INFO o.a.g.r.auth.AuthenticationService - User "l.gaga" successfully authenticated from [80.127.158.83, 192.168.40.29].
[2021-04-23 22:53:36] [info] 22:53:36.637 [http-nio-8080-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Login was successful for user "l.gaga".
[2021-04-23 22:53:36] [info] 22:53:36.718 [http-nio-8080-exec-4] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Session not associated with authentication provider "pam".
Would it be possible to update the pam module to support a password+otp login?