I mentioned this in passing on a different thread, but wanted to make sure
my understanding of how Guacamole extensions works is correct, and, if it
is, discuss a potential change.

As I understand it, today, for a Guacamole Extension that includes Java,
server-side code, to be loaded and run by the main Guacamole client
application, it has to be considered an "authentication provider," which
means specifying the authProvider tag in the manifest file and then
implement/extending a certain set of authentication provider classes.  Am I
understanding this correctly, or is it just because that's all I've ever

Assuming that understanding is correct, it seems like there have been
enough instances lately of people wanting to implement extensions that
aren't really authentication providers.  Things like "Wake on LAN," and
server status (ping) aren't really authentication modules, and, yet, if
they want to execute some action on the Tomcat (etc.) side, they have to
implement the authentication provider classes.  Maybe it's time to create a
few more directions extensions can go?  One suggestion would to be to split
out the idea of "authentication provider" from "connection provider" such
that extensions that only provide connections (like QuickConnect, as an
example) don't also have to provide the authentication framework.  I know
there are definitely some downsides to this, so I'm just opening up the
discussion at this point - for instance, sometimes providing connections
also means controlling who has access to them, as is the case with the JDBC
module, but it seems like there could be some more distinctive extension
types there.

Beyond that, maybe it would be possible to create a more generic extension
that could do things like provide REST APIs and manipulate the web client
(obviously that last part already works with things like branding), on top
of which authentication extensions (etc.) could be built.

Does that make sense?  Or am I missing something that can already be done
in the Guacamole client?  Other thoughts?


Reply via email to