GitHub user mike-jumper opened a pull request:
https://github.com/apache/incubator-guacamole-client/pull/192
GUACAMOLE-210: Add support for single sign-on with OpenID Connect
A mere two thousand lines of new code, this tiny pull request adds a new
extension, "guacamole-auth-openid", which provides supports for single sign-on
with OpenID Connect.
Similar to the existing CAS extension, the OpenID extension requires
several properties which define how Guacamole should connect to the OpenID
service. When properly configured, the Guacamole login screen will redirect
users to the OpenID service, which then generates a token authenticating the
user and redirects them back to Guacamole. Once the token has been validated,
and the identity of the user has been determined, the user is allowed in.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/incubator-guacamole-client
openid-auth
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-guacamole-client/pull/192.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #192
----
commit 67c817af9ff1da7729a03205b929119f6d020027
Author: Michael Jumper <[email protected]>
Date: 2016-01-02T03:54:58Z
GUACAMOLE-210: Add stub OAuthAuthenticationProvider.
commit c7d5bd69aa33e8d28c5391176ae7977574c660f7
Author: Michael Jumper <[email protected]>
Date: 2016-01-02T07:54:09Z
GUACAMOLE-210: Add OAuth code field generated from configuration info in
guacamole.properties. Use Guice.
commit 89f25a9467b62545bd1c114a35bba8680678fcc6
Author: Michael Jumper <[email protected]>
Date: 2016-01-02T08:22:08Z
GUACAMOLE-210: Add OAuth code/link field.
commit 77e714b0e15dcbdaa5a0afc261e9a3592a8ee494
Author: Michael Jumper <[email protected]>
Date: 2016-01-02T08:36:12Z
GUACAMOLE-210: Stub out authentication (recognize but do not actually use
code).
commit 1c6a603a08c9e291205c10e2a38a2e4e53533e24
Author: Michael Jumper <[email protected]>
Date: 2016-01-02T08:43:18Z
GUACAMOLE-210: Move classes to reasonable packages.
commit 63b69ad0762676f6f3608cbd889f28b6c94c6c09
Author: Michael Jumper <[email protected]>
Date: 2016-01-03T05:10:30Z
GUACAMOLE-210: Use same version of Jersey as the main Guacamole webapp.
commit c20271cb9941854e46e85a5f975e4fa2aa832fea
Author: Michael Jumper <[email protected]>
Date: 2016-01-03T05:55:53Z
GUACAMOLE-210: Add remaining endpoint properties.
commit c3c6e0c43b749929ae88d3c40d1da7bad2aa0309
Author: Michael Jumper <[email protected]>
Date: 2016-01-03T06:35:47Z
GUACAMOLE-210: POST code to OAuth service to retrieve token.
commit fdc031338722242e30d1ca0b2e393a4b2ae2e8f0
Author: Michael Jumper <[email protected]>
Date: 2016-06-12T07:14:00Z
GUACAMOLE-210: Migrate to implicit flow (client-side, relies on
"id_token"). Update to pre-release 0.9.9-incubating codebase.
commit d27ba44439e702964cb668886ccbc35f740b38e8
Author: Michael Jumper <[email protected]>
Date: 2016-06-13T06:03:47Z
GUACAMOLE-210: Validate the JWT using jose.4.j.
commit 9159ca4289cc1a13d78afdea17067c64b7ea27d8
Author: Michael Jumper <[email protected]>
Date: 2016-06-13T07:01:08Z
GUACAMOLE-210: Use cryptographically-sound nonce generator.
commit faa327824beca658cbf0cb199d1bf049921b03a9
Author: Michael Jumper <[email protected]>
Date: 2016-06-13T09:19:05Z
GUACAMOLE-210: Add missing comment.
commit c5bd3390bfd60c62ea199faa73ef6fb0bb963ffd
Author: Michael Jumper <[email protected]>
Date: 2016-08-15T02:25:11Z
GUACAMOLE-210: Update for recent sharing-related changes to
AuthenticationProvider on 0.9.9-incubating (current upstream git).
commit 254639f6e9d4a2f48b971245e69a74ae42ac9dd4
Author: Michael Jumper <[email protected]>
Date: 2017-02-19T19:06:49Z
GUACAMOLE-210: Update to 0.9.11-incubating API.
commit 6d46d5cfb8307f2f57e14261855e9a72f555c0c4
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T19:24:33Z
GUACAMOLE-210: Add Apache RAT plugin to guacamole-auth-openid build.
commit 11fb9b3fa432a8e02037e403fbb6f72d6a39a78d
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T19:35:47Z
GUACAMOLE-210: Update to jose4j 0.5.5.
commit a8f97b548ece86e866e5ea96e0e49047270e34b7
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T19:42:19Z
GUACAMOLE-210: Document licenses of bundled dependencies for
guacamole-auth-openid.
commit 1034612a47b8fdea4b1e8ee710615d09cd85d06d
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T19:43:35Z
GUACAMOLE-210: Create guacamole-auth-openid bundle .tar.gz as part of build.
commit d04d61225a9f820b99fd1815c5b24205dc1cc8e1
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T20:43:15Z
GUACAMOLE-210: Refactor source referencing OAuth to OpenID. This extension
uses OpenID, not OAuth.
commit 82c6048d504965da90b719fa948a9ee5d99edcbd
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T20:45:37Z
GUACAMOLE-210: Move OpenID configuration property definitions into
ConfigurationService.
commit b59c1e72335d8585ce32ac9351baf564c469372f
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T21:28:52Z
GUACAMOLE-210: Use empty template if field otherwise has no template.
commit 28cfc39c11838d6972c21ef92d6f07daaad0214e
Author: Michael Jumper <[email protected]>
Date: 2017-02-21T21:29:23Z
GUACAMOLE-210: Remove unnecessary empty template definitions (empty
template is the default).
commit 724a6a9737436b6e9a01eb209179e8ff34713758
Author: Michael Jumper <[email protected]>
Date: 2017-08-27T00:52:53Z
GUACAMOLE-210: Update API to 0.9.13-incubating.
commit 187903563b3b9dd0a9721a5dafe5a4a58cb268c0
Author: Michael Jumper <[email protected]>
Date: 2017-08-28T05:36:06Z
GUACAMOLE-210: Add redirect message. Refactor to use minification and
pre-cached templates.
commit 4f8c853daa34d85b68e40c54b92a7f09e6eeac73
Author: Michael Jumper <[email protected]>
Date: 2017-08-28T05:58:12Z
GUACAMOLE-210: Re-request ID token if validation or username retrieval
fails.
commit aaf1b796f3201916b9a5e8269cefd9b88df183bc
Author: Michael Jumper <[email protected]>
Date: 2017-08-28T06:58:15Z
GUACAMOLE-210: Properly generate and validate nonces.
commit 4dbf9a3f9ed899ca614f74871c05b4cd901b6e73
Author: Michael Jumper <[email protected]>
Date: 2017-08-28T09:04:21Z
GUACAMOLE-210: Add configuration options for scope, clock skew, etc., as
well as sensible defaults.
commit 4e459b9f19752559053bac6acd0f25d202a90df8
Author: Michael Jumper <[email protected]>
Date: 2017-09-25T20:09:11Z
GUACAMOLE-210: Implement AuthenticationProvider shutdown() function
required due to GUACAMOLE-393.
----
---
