[
https://issues.apache.org/jira/browse/GUACAMOLE-341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16079976#comment-16079976
]
Gregor S commented on GUACAMOLE-341:
------------------------------------
Hi [~mike.jumper],
I have seen a deprecation warning and read about the changes. While it makes
perfectly sense to not disable authentification on guacamole, without securing
it otherwise, still I think that this functionality needs to go somewhere to
enable SSO, before abandoning the noauth module completely.
I am not sure if this work has been already done. If yes, pls let me know where
to look for it. I will be happy to introduce the patch also there.
Best regards
Gregor
> GUAC_USERNAME token not defined if using guacamole-auth-header
> --------------------------------------------------------------
>
> Key: GUACAMOLE-341
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-341
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-header
> Affects Versions: 0.9.12-incubating
> Reporter: Gregor S
>
> To make tokenfilter work with auth-header -and noauth module.- (needed e.g.
> for Kerberos authentication through an Apache/Nginx Reverse Proxy, that
> passes REMOTE_USER header), username must be set in the credentials object,
> because it is added to the Tokenfilter only if username is not null in the
> credentials object.
> basically make $\{GUAC_USERNAME} be replaced with the credentials passed
> though the REMOTE_USER variable.
> See also:
> https://github.com/glyptodon/guacamole-client/blob/b26a664d66fd14a22eb7300d29aa20390cf408ec/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java#L118
> https://github.com/glyptodon/guacamole-client/blob/0.9.12-incubating/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleAuthenticationProvider.java#L170
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
