Re: Send PrintScreen key to the Remote Desktop
PrintScreen can be captured while Keyup and the keysym is already there in guacamole.js which I tried to send it to the server but didn't worked. Sending the keysym of Printscreen to the RDP server is not copying the image to the remote clipboard. I tried to send both keydown and keyup as well but didn't worked. Any suggestions. Can't we send keysym as we send for normal keys ( a - z or A-Z or 0-9 ) ? On Thu, Feb 8, 2018 at 10:17 PM, Nick Couchmanwrote: > On Thu, Feb 8, 2018 at 5:49 AM, Amarjeet Singh > wrote: > >> Hi Team, >> >> I am unable to use PrintScreen key. >> >> Guacamole is not sending the PrintScreen key to the RDP Desktop. >> >> It is not captured by keydown event but is captured during onkeyup event >> and released by the Guacamole. >> >> > The most likely explanation for this is that the client system is > capturing it before it even gets to the Web Browser. Print Screen is > fairly universally captured by desktop operating systems, and each of them > behave slightly differently in what they do with that key combo. Windows > takes an image and copies it to the clipboard. Many Linux Window Managers > bring up a dialog with the image and ask you what you want to do. Can't > remember on Mac. The point is, if you want the Print Screen event passed > through to the browser, you need to configure the O/S not to intercept it > (if possible). > > -Nick >
Re: OpenID-Connect HTTP 500
I should also note that when in the redirect loop, I can see that the usual URL of https://guacamole.justin-tech.com/#/ is showing as both ht tps://guacamole.justin-tech.com/#session. and https://guacamole.justin- tech.com/#/session. Thanks again, Justin On Thu, 2018-02-08 at 23:37 -0500, Justin Gauthier wrote: > I have been able to get the redirect from Guacamole to Keycloak to > work, however, once I login to keycloak, and get redirected back to > Guacamole, I get put into a redirect loop. It does not look like > Guacamole is reading the token_id from the URL, and this is causing > it > to report invalid credentials, and refreshing. > > In nginx I see the following in the access log: > > > 10.0.1.203 - - [08/Feb/2018:23:14:51 -0500] "GET /auth/realms/Justin- > Tech/protocol/openid- > connect/auth?scope=openid+email+profile_type=id_token > _i > d=guacamole_uri=https%3A%2F%2Fguacamole.justin- > tech.com%2F=a7tk6oajbm14p4aa5icuad0c60 HTTP > > > With each refresh it is getting a new nonce token. > > Additionally, I can see the id_token in the Guacamole URL, as well as > a > session state and not-before-policy. > > In the POST to https://guacamole.justin-tech.com/api/tokens, I am > seeing an Invalid login response, with key: invalid login. > > It is expecting name: id_token, type: GUAC_OPENID_TOKEN, and an > authorizationURI: https://keycloak.justin-tech.com/auth/realms/Justin > -T > ech/protocol/openid- > connect/auth?scope=openid+email+profile_type=id_token > _i > d=guacamole_uri=https%3A%2F%2Fguacamole.justin- > tech.com%2F=e1s34a0epan04mre7qduhpnrho, type: > INVALID_CREDENTIALS. > > The response paylode is: {"message":"Invalid > login.","translatableMessage":{"key":"Invalid > login.","variables":null},"statusCode":null,"expected":[{"name":"id_t > ok > en","type":"GUAC_OPENID_TOKEN","authorizationURI":"https://keycloak.j > us > tin-tech.com/auth/realms/Justin-Tech/protocol/openid- > connect/auth?scope=openid+email+profile_type=id_token > _i > d=guacamole_uri=https%3A%2F%2Fguacamole.justin- > tech.com%2F=e1s34a0epan04mre7qduhpnrho"}],"type":"INVALID_CREDE > NT > IALS"} > > I also see a GET for https://guacamole.justin-tech.com/#session_state > =b > 1988d87-4a4d-4539-a186-1d2ef58aca04_token=[TOKEN] > policy=1518147539 > > I am seeing the following in the localhost_access_logs: > > 10.0.60.20 - - [08/Feb/2018:23:18:01 -0500] "GET > /guacamole/api/patches > HTTP/1.1" 200 352 > 10.0.60.20 - - [08/Feb/2018:23:18:01 -0500] "POST > /guacamole/api/tokens > HTTP/1.1" 403 477 > > and here are the logs from catalina.log > > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/jquery/2.1.3/dist/jquery.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular/1.3.16/angular.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/lodash/2.4.1/dist/lodash.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > cookies/1.3.16/angular-cookies.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > route/1.3.16/angular-route.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > touch/1.3.16/angular-touch.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/messageformat/1.0.2/messageformat.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > translate/2.8.0/angular-translate.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > translate-interpolation-messageformat/2.8.0/angular-translate- > interpolation-messageformat.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > translate-loader-static-files/2.8.0/angular-translate-loader-static- > files.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META-INF/resources/webjars/blob- > polyfill/1.0.20150320/Blob.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/filesaver/1.3.3/FileSaver.min.js > Feb 08, 2018 11:27:40 PM org.webjars.servlet.WebjarsServlet doGet > INFO: Webjars resource requested: /META- > INF/resources/webjars/angular- > module-shim/0.0.4/angular-module-shim.js > > Other than
Re: OpenID-Connect HTTP 500
Nick, I have completed that step, however now I am in an redirect loop. Once I get home I'll take a look at the logs and provide that information. Thanks for the help, Justin From: Nick CouchmanSent: Thursday, February 8, 2018 11:27:05 AM To: user@guacamole.apache.org Subject: Re: OpenID-Connect HTTP 500 On Thu, Feb 8, 2018 at 10:00 AM, Justin Gauthier > wrote: Hello everyone, I have discovered that I had a the openid-redirect-uri incorrectly specified. That issue has now been resolved, and I get a login screen now. Now, when I get that login screen, I can login with credentials stored in the postgres database, but I do not get redirected to Keycloak. I see a 403 message with the following information: {"message":"Invalid login","translatableMessage":{"key":"Invalid login","variables":null},"statusCode":null,"expected":[{"name":"usernam e","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"IN VALID_CREDENTIALS"} My understanding is that Guacamole should be redirecting me to Keycloak to authenticate, and then I should be redirected back to Guacamole with the authentication token, and it would not ask for the username and password? Justin, Authentication extensions are loaded in alphabetical order, which means the OpenID extension is being loaded (and evaluated) after the JDBC extension. I suggest that you rename the OpenID extension to something that will force it to load first - when I do this with modules, I usually prefix a number on to them. For example, in the GUACAMOLE_HOME/extensions folder, instead of installing it as "gaucamole-auth-openid-0.9.14.jar, install it as "guacamole-auth-0-openid-0.9.14.jar" - the -0 before the -openid will cause it to be loaded and evaluated prior to the -jdbc JAR, and perhaps allow the redirect to happen properly. Regards, Nick
Re: Could Guacamole make use of WebRTC now that Gstreamer implements it?
On Wed, Feb 7, 2018 at 12:25 PM, brian mullanwrote: > Could something like this be used to stream the user's remote desktop to > the client as a video stream? > > It could, yes, but I'm not certain why you'd want to do this in Guacamole. Guacamole, while having server and client components, is, at its core, a protocol. It's a protocol used to handle streaming remote desktop information efficiently over HTTP or WebSockets. While I see a little bit of overlap, I'm not sure I see a huge amount of value in trying to use it with Guacamole or replace the Guacamole protocol. Maybe I'm just missing something, here, though? > Maybe that's not the ordinary use for it but the article does say it > supports Websocket and I thought I remembered Guacamole did also. > Yes, WebRTC relies on WebSockets, and Guacamole can use WebSockets (or fall back to HTTP). > > So thought I'd ask if this could be useful/used for a remote desktop > capability. Mouse & keyboard events sent to the remote server and the > remote desktop server's output being streamed via RTC back to the client? > > I'm not sure I see any value to it for the Guacamole project, but, again, I could be missing something. Maybe one of the other developers can chime in with their thoughts... Thanks! -Nick
Re: OpenID-Connect HTTP 500
On Thu, Feb 8, 2018 at 10:00 AM, Justin Gauthierwrote: > Hello everyone, > > I have discovered that I had a the openid-redirect-uri incorrectly > specified. That issue has now been resolved, and I get a login screen > now. > > Now, when I get that login screen, I can login with credentials stored > in the postgres database, but I do not get redirected to Keycloak. I > see a 403 message with the following information: > > {"message":"Invalid login","translatableMessage":{"key":"Invalid > login","variables":null},"statusCode":null,"expected":[{"name":"usernam > e","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"IN > VALID_CREDENTIALS"} > > My understanding is that Guacamole should be redirecting me to Keycloak > to authenticate, and then I should be redirected back to Guacamole with > the authentication token, and it would not ask for the username and > password? > Justin, Authentication extensions are loaded in alphabetical order, which means the OpenID extension is being loaded (and evaluated) after the JDBC extension. I suggest that you rename the OpenID extension to something that will force it to load first - when I do this with modules, I usually prefix a number on to them. For example, in the GUACAMOLE_HOME/extensions folder, instead of installing it as "gaucamole-auth-openid-0.9.14.jar, install it as "guacamole-auth-0-openid-0.9.14.jar" - the -0 before the -openid will cause it to be loaded and evaluated prior to the -jdbc JAR, and perhaps allow the redirect to happen properly. Regards, Nick
RE: killing active connections from command line
Hi, Thank you, i m sure there is no user who hitting reconnect. The connection is mine and i have reboot my host and connection is stil there in GUI. Help De : Mike JumperEnvoyé : jeudi 8 février 2018 09:35 À : user@guacamole.apache.org Objet : Re: killing active connections from command line On Thu, Feb 8, 2018 at 12:18 AM, fou fe > wrote: I have one zombie connection in GUI guacamole client . [cid:73f6fccd-1ffd-43a7-84d9-5072e7a1d472] I kill it from GUI ,but it's appear after few seconds. I think there is no active connection but it's still exist in mysql database. If you kill the connection within the GUI, but it reappears, it isn't because the connection still exists within the database. The set of active connections is actually maintained only in memory, and the connection can be reappearing only because it is actually being reestablished. Perhaps the user on the other end of that connection is hitting "reconnect" after the connection is closed? - Mike