Re: Send PrintScreen key to the Remote Desktop

[Amarjeet Singh]

PrintScreen can be  captured while Keyup and the keysym is already there in
guacamole.js which I tried to send it to the server but didn't worked.


Sending the keysym of Printscreen to the RDP server is not copying the
image to the remote clipboard.

I tried to send both keydown and keyup as well but didn't worked.

Any suggestions.

Can't we send keysym as we send for normal keys  ( a - z or A-Z or 0-9 ) ?

On Thu, Feb 8, 2018 at 10:17 PM, Nick Couchman  wrote:

> On Thu, Feb 8, 2018 at 5:49 AM, Amarjeet Singh 
> wrote:
>
>> Hi Team,
>>
>> I am unable to use PrintScreen key.
>>
>> Guacamole is not sending the PrintScreen key to the RDP Desktop.
>>
>> It is not captured by keydown event but is captured during onkeyup event
>> and released by the Guacamole.
>>
>>
> The most likely explanation for this is that the client system is
> capturing it before it even gets to the Web Browser.  Print Screen is
> fairly universally captured by desktop operating systems, and each of them
> behave slightly differently in what they do with that key combo.  Windows
> takes an image and copies it to the clipboard.  Many Linux Window Managers
> bring up a dialog with the image and ask you what you want to do.  Can't
> remember on Mac.  The point is, if you want the Print Screen event passed
> through to the browser, you need to configure the O/S not to intercept it
> (if possible).
>
> -Nick
>

Re: OpenID-Connect HTTP 500

[Justin Gauthier]

I should also note that when in the redirect loop, I can see that the
usual URL of https://guacamole.justin-tech.com/#/ is showing as both ht
tps://guacamole.justin-tech.com/#session. and https://guacamole.justin-
tech.com/#/session.

Thanks again,

Justin

On Thu, 2018-02-08 at 23:37 -0500, Justin Gauthier wrote:
> I have been able to get the redirect from Guacamole to Keycloak to
> work, however, once I login to keycloak, and get redirected back to
> Guacamole, I get put into a redirect loop. It does not look like
> Guacamole is reading the token_id from the URL, and this is causing
> it
> to report invalid credentials, and refreshing.
> 
> In nginx I see the following in the access log:
> 
> 
> 10.0.1.203 - - [08/Feb/2018:23:14:51 -0500] "GET /auth/realms/Justin-
> Tech/protocol/openid-
> connect/auth?scope=openid+email+profile_type=id_token
> _i
> d=guacamole_uri=https%3A%2F%2Fguacamole.justin-
> tech.com%2F=a7tk6oajbm14p4aa5icuad0c60 HTTP
> 
> 
> With each refresh it is getting a new nonce token.
> 
> Additionally, I can see the id_token in the Guacamole URL, as well as
> a
> session state and not-before-policy.
> 
> In the POST to https://guacamole.justin-tech.com/api/tokens, I am
> seeing an Invalid login response, with key: invalid login.
> 
> It is expecting name: id_token, type: GUAC_OPENID_TOKEN, and an
> authorizationURI: https://keycloak.justin-tech.com/auth/realms/Justin
> -T
> ech/protocol/openid-
> connect/auth?scope=openid+email+profile_type=id_token
> _i
> d=guacamole_uri=https%3A%2F%2Fguacamole.justin-
> tech.com%2F=e1s34a0epan04mre7qduhpnrho, type:
> INVALID_CREDENTIALS.
> 
> The response paylode is: {"message":"Invalid
> login.","translatableMessage":{"key":"Invalid
> login.","variables":null},"statusCode":null,"expected":[{"name":"id_t
> ok
> en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.j
> us
> tin-tech.com/auth/realms/Justin-Tech/protocol/openid-
> connect/auth?scope=openid+email+profile_type=id_token
> _i
> d=guacamole_uri=https%3A%2F%2Fguacamole.justin-
> tech.com%2F=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDE
> NT
> IALS"}
> 
> I also see a GET for https://guacamole.justin-tech.com/#session_state
> =b
> 1988d87-4a4d-4539-a186-1d2ef58aca04_token=[TOKEN]
> policy=1518147539
> 
> I am seeing the following in the localhost_access_logs:
> 
> 10.0.60.20 - - [08/Feb/2018:23:18:01 -0500] "GET
> /guacamole/api/patches
> HTTP/1.1" 200 352
> 10.0.60.20 - - [08/Feb/2018:23:18:01 -0500] "POST
> /guacamole/api/tokens
> HTTP/1.1" 403 477
> 
> and here are the logs from catalina.log
> 
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/jquery/2.1.3/dist/jquery.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular/1.3.16/angular.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/lodash/2.4.1/dist/lodash.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> cookies/1.3.16/angular-cookies.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> route/1.3.16/angular-route.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> touch/1.3.16/angular-touch.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/messageformat/1.0.2/messageformat.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> translate/2.8.0/angular-translate.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> translate-interpolation-messageformat/2.8.0/angular-translate-
> interpolation-messageformat.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> translate-loader-static-files/2.8.0/angular-translate-loader-static-
> files.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-INF/resources/webjars/blob-
> polyfill/1.0.20150320/Blob.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/filesaver/1.3.3/FileSaver.min.js
> Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet
> INFO: Webjars resource requested: /META-
> INF/resources/webjars/angular-
> module-shim/0.0.4/angular-module-shim.js
> 
> Other than 

Re: OpenID-Connect HTTP 500

[Justin Gauthier]

Nick,

I have completed that step, however now I am in an redirect loop.

Once I get home I'll take a look at the logs and provide that information.

Thanks for the help,

Justin


From: Nick Couchman 
Sent: Thursday, February 8, 2018 11:27:05 AM
To: user@guacamole.apache.org
Subject: Re: OpenID-Connect HTTP 500

On Thu, Feb 8, 2018 at 10:00 AM, Justin Gauthier 
> wrote:
Hello everyone,

I have discovered that I had a the openid-redirect-uri incorrectly
specified. That issue has now been resolved, and I get a login screen
now.

Now, when I get that login screen, I can login with credentials stored
in the postgres database, but I do not get redirected to Keycloak. I
see a 403 message with the following information:

{"message":"Invalid login","translatableMessage":{"key":"Invalid
login","variables":null},"statusCode":null,"expected":[{"name":"usernam
e","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"IN
VALID_CREDENTIALS"}

My understanding is that Guacamole should be redirecting me to Keycloak
to authenticate, and then I should be redirected back to Guacamole with
the authentication token, and it would not ask for the username and
password?

Justin,
Authentication extensions are loaded in alphabetical order, which means the 
OpenID extension is being loaded (and evaluated) after the JDBC extension.  I 
suggest that you rename the OpenID extension to something that will force it to 
load first - when I do this with modules, I usually prefix a number on to them. 
 For example, in the GUACAMOLE_HOME/extensions folder, instead of installing it 
as "gaucamole-auth-openid-0.9.14.jar, install it as 
"guacamole-auth-0-openid-0.9.14.jar" - the -0 before the -openid will cause it 
to be loaded and evaluated prior to the -jdbc JAR, and perhaps allow the 
redirect to happen properly.

Regards,
Nick

Re: Could Guacamole make use of WebRTC now that Gstreamer implements it?

[Nick Couchman]

On Wed, Feb 7, 2018 at 12:25 PM, brian mullan 
wrote:

> Could something like this be used to stream the user's remote desktop to
> the client as a video stream?
>
>
It could, yes, but I'm not certain why you'd want to do this in Guacamole.
Guacamole, while having server and client components, is, at its core, a
protocol.  It's a protocol used to handle streaming remote desktop
information efficiently over HTTP or WebSockets.  While I see a little bit
of overlap, I'm not sure I see a huge amount of value in trying to use it
with Guacamole or replace the Guacamole protocol.  Maybe I'm just missing
something, here, though?


> Maybe that's not the ordinary use for it but the article does say it
> supports Websocket and I thought I remembered Guacamole did also.
>

Yes, WebRTC relies on WebSockets, and Guacamole can use WebSockets (or fall
back to HTTP).


>
> So thought I'd ask if this could be useful/used for a remote desktop
> capability.   Mouse & keyboard events sent to the remote server and the
> remote desktop server's output being streamed via RTC back to the client?
>
>
I'm not sure I see any value to it for the Guacamole project, but, again, I
could be missing something.  Maybe one of the other developers can chime in
with their thoughts...

Thanks!
-Nick

Re: OpenID-Connect HTTP 500

[Nick Couchman]

On Thu, Feb 8, 2018 at 10:00 AM, Justin Gauthier 
wrote:

> Hello everyone,
>
> I have discovered that I had a the openid-redirect-uri incorrectly
> specified. That issue has now been resolved, and I get a login screen
> now.
>
> Now, when I get that login screen, I can login with credentials stored
> in the postgres database, but I do not get redirected to Keycloak. I
> see a 403 message with the following information:
>
> {"message":"Invalid login","translatableMessage":{"key":"Invalid
> login","variables":null},"statusCode":null,"expected":[{"name":"usernam
> e","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"IN
> VALID_CREDENTIALS"}
>
> My understanding is that Guacamole should be redirecting me to Keycloak
> to authenticate, and then I should be redirected back to Guacamole with
> the authentication token, and it would not ask for the username and
> password?
>

Justin,
Authentication extensions are loaded in alphabetical order, which means the
OpenID extension is being loaded (and evaluated) after the JDBC extension.
I suggest that you rename the OpenID extension to something that will force
it to load first - when I do this with modules, I usually prefix a number
on to them.  For example, in the GUACAMOLE_HOME/extensions folder, instead
of installing it as "gaucamole-auth-openid-0.9.14.jar, install it as
"guacamole-auth-0-openid-0.9.14.jar" - the -0 before the -openid will cause
it to be loaded and evaluated prior to the -jdbc JAR, and perhaps allow the
redirect to happen properly.

Regards,
Nick

RE: killing active connections from command line

[fou fe]

Hi,

Thank you, i m sure there is no user who hitting reconnect.
The connection  is mine  and i have  reboot my host and connection is stil 
there in GUI.


Help

De : Mike Jumper 
Envoyé : jeudi 8 février 2018 09:35
À : user@guacamole.apache.org
Objet : Re: killing active connections from command line

On Thu, Feb 8, 2018 at 12:18 AM, fou fe 
> wrote:
I have one zombie connection in GUI guacamole client .
[cid:73f6fccd-1ffd-43a7-84d9-5072e7a1d472]
I kill it  from GUI ,but it's appear after few seconds.

I think there is no active connection but it's still exist in mysql database.


If you kill the connection within the GUI, but it reappears, it isn't because 
the connection still exists within the database. The set of active connections 
is actually maintained only in memory, and the connection can be reappearing 
only because it is actually being reestablished.

Perhaps the user on the other end of that connection is hitting "reconnect" 
after the connection is closed?

- Mike