diff --git a/guacamole-docker/bin/build-guacamole.sh b/guacamole-docker/bin/build-guacamole.sh index c5ff255d4..88087e5bf 100755 --- a/guacamole-docker/bin/build-guacamole.sh +++ b/guacamole-docker/bin/build-guacamole.sh @@ -134,3 +134,18 @@ if [ -f extensions/guacamole-auth-openid/target/guacamole-auth-openid*.jar ]; th mkdir -p "$DESTINATION/openid" cp extensions/guacamole-auth-openid/target/guacamole-auth-openid*.jar "$DESTINATION/openid" fi + +# +# Copy Duo auth extension if it was built +# + +if [ -f extensions/guacamole-auth-duo/target/*.tar.gz ]; then + mkdir -p "$DESTINATION/duo" + tar -xzf extensions/guacamole-auth-duo/target/*.tar.gz \ + -C "$DESTINATION/duo/" \ + --wildcards \ + --no-anchored \ + --no-wildcards-match-slash \ + --strip-components=1 \ + "*.jar" +fi diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh index 2ed50a929..e5ad51ead 100755 --- a/guacamole-docker/bin/start.sh +++ b/guacamole-docker/bin/start.sh @@ -460,6 +460,45 @@ END } +## +## Adds properties to guacamole.properties which configure the Duo two-factor +## authentication service. Checks to see if all variables are defined and makes sure +## DUO_APPLICATION_KEY is >= 40 characters. +## +associate_duo() { + # Verify required parameters are present + if [ -z "$DUO_INTEGRATION_KEY" ] || \ + [ -z "$DUO_SECRET_KEY" ] || \ + [ ${#DUO_APPLICATION_KEY} -lt 40 ] + then + cat <<END +FATAL: Missing required environment variables +------------------------------------------------------------------------------- +If using the Duo authentication extension, you must provide each of the +following environment variables: + + DUO_API_HOSTNAME The hostname of the Duo API endpoint. + + DUO_INTEGRATION_KEY The integration key provided for Guacamole by Duo. + + DUO_SECRET_KEY The secret key provided for Guacamole by Duo. + + DUO_APPLICATION_KEY An arbitrary, random key. + This value must be at least 40 characters. +END + exit 1; + fi + + # Update config file + set_property "duo-api-hostname" "$DUO_API_HOSTNAME" + set_property "duo-integration-key" "$DUO_INTEGRATION_KEY" + set_property "duo-secret-key" "$DUO_SECRET_KEY" + set_property "duo-application-key" "$DUO_APPLICATION_KEY" + + # Add required .jar files to GUACAMOLE_EXT + ln -s /opt/guacamole/duo/guacamole-auth-*.jar "$GUACAMOLE_EXT" +} + ## ## Starts Guacamole under Tomcat, replacing the current process with the ## Tomcat process. As the current process will be replaced, this MUST be the @@ -591,6 +630,11 @@ END exit 1; fi +# Use Duo if specified. +if [ -n "$DUO_API_HOSTNAME" ]; then + associate_duo +fi + # # Finally start Guacamole (under Tomcat) #
With regards, Apache Git Services