necouchman commented on issue #430: GUACAMOLE-221: Client-side changes for parameter prompting URL: https://github.com/apache/guacamole-client/pull/430#issuecomment-613037216 @trengri @mike-jumper > The first problem is that the prompt appears only when I explicitly set "Security mode" to NLA in the connection settings. If the "Security mode" is set to "Any" or unset (blank), then the password prompt does not appear - I immediately get "CONNECTION ERROR - The remote desktop server is currently unreachable". I expected that "Any" mode will allow me to connect, but OK. I set "Security mode" to NLA and started testing. Yes, this is due to how the NLA connection security is negotiated, along with how the back-end FreeRDP library handles negotiating security modes. Basically, NLA requires a username and password to connect, so if that is not provided, and the security mode not explicitly given, then that mode will be discarded during negotiation. So, if you need NLA and prompting for username/password/domain, you'll need to force the mode to NLA. > After I click on the session, the white message box "CONNECTING - Connected to Guacamole. Waiting for response..." appears. This message hands for a while (up to 5-10 seconds). Then credentials prompt appears... Yeah, I'm going to need some help (ahem, @mike-jumper ) on this - I'm basically not doing something correctly during the prompting process to "pause" the connection such that it is kept alive in the background while waiting on the credentials. Again, this is still a work-in-progress. >> I noticed that if the username and domain fields are set in the connection properties, I'm prompted only for the password and not prompted for the username and domain. This might be expected behavior, but to my mind, it's better to prompt the user for all 3 fields (login, password, domain), but pre-populate them in the dialog box, so the user can just leave them as is, or edit them (for example, if he wants to connect as another user). Right now, if you are not showing the username in the prompt at all, the user does not have an opportunity to login as another user. > Re-showing the username, etc. if no username was originally part of the connection parameters could make sense. > The username definitely must not be shown if the value is provided when the connection is started, as at that point the administrator has dictated the account to be used, and the user should not be able to override that. I'll take a look at the logic and see if I can figure out how to handle this a little more cleanly, but, at present, it just looks for any "missing" (=blank) credentials and prompts for those. If values are present, it will continue to use the configured values. I suspect this behavior will stay largely the same (for the reasons Mike mentions), but I will definitely have to document it once it is ready.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
