Github user necouchman commented on a diff in the pull request:

    
https://github.com/apache/incubator-guacamole-client/pull/174#discussion_r132784755
  
    --- Diff: 
extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
 ---
    @@ -73,6 +73,8 @@ public AuthenticatedUser authenticateUser(Credentials 
credentials)
                 String username = 
request.getHeader(confService.getHttpAuthHeader());
     
                 if (username != null) {
    +                //  Write username to the credentials object to make 
tokenfilter work
    --- End diff --
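
Review bot: the `if (username != null)` guard in authenticateUser still lets an empty or whitespace-only header value through, and with this change that value is also written to the credentials object for token filtering. Consider rejecting blank values before the write, for example `if (username != null && !username.trim().isEmpty())`. The added comment could also state why the token filter needs the username on the credentials object, and drop the double space after `//`.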
    
    @mike-jumper Any thoughts here on whether it's preferable to set the 
username inside this module, or modify code elsewhere to use the 
AuthenticatedUser identifier?  Going the AuthenticatedUser route looks like it 
would require one of the following approaches:
    - Another method in StandardTokens to be able to pass in the username 
token, specifically, with its own identifier, and then changes to the various 
places that StandardTokens is used to add both the credentials and then, 
alternatively the AuthenticatedUser code.
    - Checks around the existing StandardTokens uses that make sure the 
Credentials object has a valid username, and then code to create a new object 
or modify the existing one around there using the AuthenticatedUser object.
    
    It seems to me that setting it up inside the authentication module is the 
right way to go - it results in the fewest places that have to be reworked, and 
makes it available across the various places where those Credentials objects 
are used.  This module (auth-header) needs the fix, as will the CAS module.  I 
think those are the only two at the moment - any additional SSO-type modules 
would also have to keep it in mind (SAML, OAuth).


