[
https://issues.apache.org/jira/browse/GUACAMOLE-2214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Naoto Ogawa updated GUACAMOLE-2214:
-----------------------------------
Description:
Clarification:
The primary user-facing issue is not only the inability to use UTF-8
connection identifiers, but that this prevents using UTF-8 display
names in client tabs.
Proposed Solution:
Add an optional 'name' field to JSON authentication connections so that
display names can safely contain UTF-8 characters while identifiers
remain ASCII-safe.
---
When using the JSON Authentication plugin, connections whose names contain
UTF-8 (non-ASCII) characters cannot be used correctly.
Environment:
- Apache Guacamole 1.6.0
- Docker deployment
- JSON Authentication plugin enabled
- Tomcat configured with URIEncoding="UTF-8"
- Browser: Microsoft Edge / Chrome (reproducible in both)
Steps to Reproduce:
1. Start the attached docker-compose configuration.
2. Generate an encrypted authentication URL using the attached Python script.
3. Open the generated URL in a browser.
4. Attempt to access the connection whose name contains non-ASCII characters.
Expected Result:
The connection should be listed and accessible regardless of whether the
connection name contains ASCII or UTF-8 characters.
Actual Result:
The connection either does not appear correctly or cannot be opened.
In the browser console, the following client-side error is observed:
InvalidCharacterError: Failed to execute 'btoa' on 'Window':
The string to be encoded contains characters outside of the Latin1 range.
Additional Notes:
- The same connection works correctly when using JDBC authentication.
- The issue occurs even when Tomcat is configured with URIEncoding="UTF-8".
- This suggests improper UTF-8 handling within the JSON Authentication plugin
or client-side encoding path.
- The problem appears to be related to how connection identifiers are
generated or processed when multibyte characters are present.
Example JSON used for reproduction
(The connection name intentionally uses Japanese text to demonstrate the issue):
{
"username": "demo",
"connections": {
"テスト": {
"protocol": "ssh",
"parameters":
{ "hostname": "ssh-target", "port": "2222", "username":
"testuser", "password": "testpass" }
}
}
}
Attached Files:
- docker-compose-repro.yaml — minimal Docker configuration used for
reproduction
- generate-auth-url.py — minimal Python script to generate the encrypted
authentication URL
- client-console-error.png — browser console screenshot showing the
client-side encoding error
Example execution command:
GUACAMOLE_URL=[http://localhost:8080/guacamole] \
GUACAMOLE_JSON_SECRET=00000000000000000000000000000000 \
python3 generate-auth-url.py
was:
When using the JSON Authentication plugin, connections whose names contain
UTF-8 (non-ASCII) characters cannot be used correctly.
Environment:
- Apache Guacamole 1.6.0
- Docker deployment
- JSON Authentication plugin enabled
- Tomcat configured with URIEncoding="UTF-8"
- Browser: Microsoft Edge / Chrome (reproducible in both)
Steps to Reproduce:
1. Start the attached docker-compose configuration.
2. Generate an encrypted authentication URL using the attached Python script.
3. Open the generated URL in a browser.
4. Attempt to access the connection whose name contains non-ASCII characters.
Expected Result:
The connection should be listed and accessible regardless of whether the
connection name contains ASCII or UTF-8 characters.
Actual Result:
The connection either does not appear correctly or cannot be opened.
In the browser console, the following client-side error is observed:
InvalidCharacterError: Failed to execute 'btoa' on 'Window':
The string to be encoded contains characters outside of the Latin1 range.
Additional Notes:
- The same connection works correctly when using JDBC authentication.
- The issue occurs even when Tomcat is configured with URIEncoding="UTF-8".
- This suggests improper UTF-8 handling within the JSON Authentication plugin
or client-side encoding path.
- The problem appears to be related to how connection identifiers are generated
or processed when multibyte characters are present.
Example JSON used for reproduction
(The connection name intentionally uses Japanese text to demonstrate the issue):
{
"username": "demo",
"connections": {
"テスト": {
"protocol": "ssh",
"parameters": {
"hostname": "ssh-target",
"port": "2222",
"username": "testuser",
"password": "testpass"
}
}
}
}
Attached Files:
- docker-compose-repro.yaml — minimal Docker configuration used for reproduction
- generate-auth-url.py — minimal Python script to generate the encrypted
authentication URL
- client-console-error.png — browser console screenshot showing the client-side
encoding error
Example execution command:
GUACAMOLE_URL=http://localhost:8080/guacamole \
GUACAMOLE_JSON_SECRET=00000000000000000000000000000000 \
python3 generate-auth-url.py
> JSON authentication cannot display UTF-8 connection names in tabs
> -----------------------------------------------------------------
>
> Key: GUACAMOLE-2214
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2214
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-json
> Affects Versions: 1.6.0
> Reporter: Naoto Ogawa
> Priority: Minor
> Attachments: client_error.png, docker-compose-repro.yaml,
> generate-auth-url.py
>
>
> Clarification:
> The primary user-facing issue is not only the inability to use UTF-8
> connection identifiers, but that this prevents using UTF-8 display
> names in client tabs.
> Proposed Solution:
> Add an optional 'name' field to JSON authentication connections so that
> display names can safely contain UTF-8 characters while identifiers
> remain ASCII-safe.
> ---
> When using the JSON Authentication plugin, connections whose names contain
> UTF-8 (non-ASCII) characters cannot be used correctly.
> Environment:
> - Apache Guacamole 1.6.0
> - Docker deployment
> - JSON Authentication plugin enabled
> - Tomcat configured with URIEncoding="UTF-8"
> - Browser: Microsoft Edge / Chrome (reproducible in both)
> Steps to Reproduce:
> 1. Start the attached docker-compose configuration.
> 2. Generate an encrypted authentication URL using the attached Python script.
> 3. Open the generated URL in a browser.
> 4. Attempt to access the connection whose name contains non-ASCII characters.
> Expected Result:
> The connection should be listed and accessible regardless of whether the
> connection name contains ASCII or UTF-8 characters.
> Actual Result:
> The connection either does not appear correctly or cannot be opened.
> In the browser console, the following client-side error is observed:
> InvalidCharacterError: Failed to execute 'btoa' on 'Window':
> The string to be encoded contains characters outside of the Latin1 range.
> Additional Notes:
> - The same connection works correctly when using JDBC authentication.
> - The issue occurs even when Tomcat is configured with URIEncoding="UTF-8".
> - This suggests improper UTF-8 handling within the JSON Authentication
> plugin or client-side encoding path.
> - The problem appears to be related to how connection identifiers are
> generated or processed when multibyte characters are present.
> Example JSON used for reproduction
> (The connection name intentionally uses Japanese text to demonstrate the
> issue):
> {
> "username": "demo",
> "connections": {
> "テスト": {
> "protocol": "ssh",
> "parameters":
> { "hostname": "ssh-target", "port": "2222",
> "username": "testuser", "password": "testpass" }
> }
> }
> }
> Attached Files:
> - docker-compose-repro.yaml — minimal Docker configuration used for
> reproduction
> - generate-auth-url.py — minimal Python script to generate the encrypted
> authentication URL
> - client-console-error.png — browser console screenshot showing the
> client-side encoding error
> Example execution command:
> GUACAMOLE_URL=[http://localhost:8080/guacamole] \
> GUACAMOLE_JSON_SECRET=00000000000000000000000000000000 \
> python3 generate-auth-url.py
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
