Re: Sharing Profile Questions
On Wed, Dec 8, 2021, 08:37 Nick Couchman wrote: > On Wed, Dec 8, 2021 at 5:43 AM Barak, Tal > wrote: > >> Hello, >> >> >> >> I will appreciate your help with the following two questions: >> >> >> >>1. Is there a way to create a sharing profile link which only >>authenticated users will able to view/use? When I create a sharing profile >>link from the menu, the link can be used by all users including anonymous >>users. >> >> >> Not creating the link, no - the entire point of creating a sharing > profile link is that you can provide that link to anyone and they will able > to use it, whether or not they are signed in to Guacamole. It's honestly > been a while since I messed around with connection sharing - it isn't > something I use all that much - so I can't remember if there's any other > way for users to access that shared connection. > > > >> >>1. >>2. I understand that users with administrative privilege can view an >>existing session even if a sharing profile link wasn’t generated and no >>sharing profile is defined under the connection settings >>(If I understand correctly, this can be done by going, as an >>administrator, to sessions -> active connections and then clicking on the >>link in the left side of the desired connection row). >> >>However, when using this method, the administrator joins the session >>with full controls, as opposed to sharing profile which you can limit to >>read-only. Is there a way to limit administrators when they join sessions >>so they will have read-only permissions only? >> >> >> > > No, there is no way to limit administrators to read-only access to the > connections - that's part of what being an Administrator in Guacamole > entails. > This is possible through an extension (decorate the GuacamoleTunnel returned for the active connection, apply a filter that rejects inbound instructions except for "sync" and "nop"). In general, I think it could be a useful feature to have the guac UI automatically disable mouse/keyboard input for joined active sessions, with some button or similar unlocking the session when the admin needs control. - Mike
Re: Simple extension not working
Thanks, that was it.It's in fact described at the bottom of https://guacamole.apache.org/doc/gug/event-listeners.html but your explanations are more cleare. Sam Le mercredi 8 décembre 2021, 12:18:48 UTC+1, Mike Jumper a écrit : On Wed, Dec 8, 2021, 02:17 sam g wrote: Hello, I can't figure out how to make the simple extension describe here https://guacamole.apache.org/doc/gug/guacamole-ext.html , "Updating existing HTML", to work. ... The build is successful:[INFO] Building tar: /home/sam/guacamole-client-1.3.0/target/guacamole-client-1.3.0.tar.gz [INFO] [INFO] Reactor Summary: [INFO] ... [INFO] guacamole-auth-saml 1.3.0 .. SUCCESS [ 0.744 s] [INFO] guacamole-toto 1.3.0 ... SUCCESS [ 0.122 s] [INFO] guacamole-client 1.3.0 . SUCCESS [ 2.615 s] [INFO] [INFO] BUILD SUCCESS [INFO] Tomcat is stopped, the war copied in the right place, Tomcat is started.I checked and the html file and the manifest are in the war.Still, nothing is displayed on the logon page. What am I missing? How can I debug this? There is a bit of a misunderstanding here about what an extension is. An extension does not need to be part of the guacamole-client build or source tree, nor will being part of the build have any effect on the .war, nor will the presence of a guac-manifest.json in the .war file have any impact on the webapp. An extension is an independent .jar file that contains a guac-manifest.json. This is part of the point of extensions: they can be developed independently of the mainline source and installed without rebuilding the source. To create an extension, you create a .jar file that follows the format described in the documentation: https://guacamole.apache.org/doc/gug/guacamole-ext.html#ext-file-format | | | | Chapter 23. guacamole-ext | | | To install an extension, you copy the .jar produced into GUACAMOLE_HOME/extensions/ (typically "/etc/guacamole/extensions"), just as you would any of the standard extensions like the database support: https://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacamole-home When the Guacamole webapp starts up, it will look through that directory for .jar files containing a guac-manifest.json and load those extensions. An example is provided demonstrating the basics of the extension format and how HTML can be modified: https://github.com/apache/guacamole-client/tree/master/doc/guacamole-branding-example - Mike
Re: Sharing Profile Questions
On Wed, Dec 8, 2021 at 5:43 AM Barak, Tal wrote: > Hello, > > > > I will appreciate your help with the following two questions: > > > >1. Is there a way to create a sharing profile link which only >authenticated users will able to view/use? When I create a sharing profile >link from the menu, the link can be used by all users including anonymous >users. > > > Not creating the link, no - the entire point of creating a sharing profile link is that you can provide that link to anyone and they will able to use it, whether or not they are signed in to Guacamole. It's honestly been a while since I messed around with connection sharing - it isn't something I use all that much - so I can't remember if there's any other way for users to access that shared connection. > >1. >2. I understand that users with administrative privilege can view an >existing session even if a sharing profile link wasn’t generated and no >sharing profile is defined under the connection settings >(If I understand correctly, this can be done by going, as an >administrator, to sessions -> active connections and then clicking on the >link in the left side of the desired connection row). > >However, when using this method, the administrator joins the session >with full controls, as opposed to sharing profile which you can limit to >read-only. Is there a way to limit administrators when they join sessions >so they will have read-only permissions only? > > > No, there is no way to limit administrators to read-only access to the connections - that's part of what being an Administrator in Guacamole entails. -Nick >
Re: Simple extension not working
On Wed, Dec 8, 2021, 02:17 sam g wrote: > Hello, > > I can't figure out how to make the simple extension describe here > https://guacamole.apache.org/doc/gug/guacamole-ext.html , "Updating > existing HTML", to work. > > ... > > The build is successful: > [INFO] Building tar: > /home/sam/guacamole-client-1.3.0/target/guacamole-client-1.3.0.tar.gz > [INFO] > > [INFO] Reactor Summary: > [INFO] > ... > [INFO] guacamole-auth-saml 1.3.0 .. SUCCESS [ > 0.744 s] > *[INFO] guacamole-toto 1.3.0 ... SUCCESS [ > 0.122 s]* > [INFO] guacamole-client 1.3.0 . SUCCESS [ > 2.615 s] > [INFO] > > [INFO] BUILD SUCCESS > [INFO] > > > Tomcat is stopped, the war copied in the right place, Tomcat is started. > I checked and the html file and the manifest are in the war. > Still, nothing is displayed on the logon page. > > What am I missing? How can I debug this? > There is a bit of a misunderstanding here about what an extension is. An extension does not need to be part of the guacamole-client build or source tree, nor will being part of the build have any effect on the .war, nor will the presence of a guac-manifest.json *in the .war file* have any impact on the webapp. An extension is an independent .jar file that contains a guac-manifest.json. This is part of the point of extensions: they can be developed independently of the mainline source and installed without rebuilding the source. To create an extension, you create a .jar file that follows the format described in the documentation: https://guacamole.apache.org/doc/gug/guacamole-ext.html#ext-file-format To install an extension, you copy the .jar produced into GUACAMOLE_HOME/extensions/ (typically "/etc/guacamole/extensions"), just as you would any of the standard extensions like the database support: https://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacamole-home When the Guacamole webapp starts up, it will look through that directory for .jar files containing a guac-manifest.json and load those extensions. An example is provided demonstrating the basics of the extension format and how HTML can be modified: https://github.com/apache/guacamole-client/tree/master/doc/guacamole-branding-example - Mike
Sharing Profile Questions
Hello, I will appreciate your help with the following two questions: 1. Is there a way to create a sharing profile link which only authenticated users will able to view/use? When I create a sharing profile link from the menu, the link can be used by all users including anonymous users. 2. I understand that users with administrative privilege can view an existing session even if a sharing profile link wasn't generated and no sharing profile is defined under the connection settings (If I understand correctly, this can be done by going, as an administrator, to sessions -> active connections and then clicking on the link in the left side of the desired connection row). However, when using this method, the administrator joins the session with full controls, as opposed to sharing profile which you can limit to read-only. Is there a way to limit administrators when they join sessions so they will have read-only permissions only? Best regards, Tal Barak.
Simple extension not working
Hello, I can't figure out how to make the simple extension describe here https://guacamole.apache.org/doc/gug/guacamole-ext.html , "Updating existing HTML", to work. The guac-manifest.json looks like thi: { "guacamoleVersion" : "1.3.0", "name" : "TOTO", "namespace" : "toto", "html" : [ "loginDisclaimer.html" ] } The loginDisclaimer.html looks like this: Welcome to our Guacamole server! Please be sure to read our privacy policy before continuing. The build is successful:[INFO] Building tar: /home/sam/guacamole-client-1.3.0/target/guacamole-client-1.3.0.tar.gz [INFO] [INFO] Reactor Summary: [INFO] [INFO] guacamole-common 1.3.0 . SUCCESS [ 7.898 s] [INFO] guacamole-ext 1.3.0 SUCCESS [ 7.707 s] [INFO] guacamole-common-js 1.3.0 .. SUCCESS [ 0.963 s] [INFO] guacamole 1.3.0 SUCCESS [ 10.496 s] [INFO] guacamole-auth-header 1.2.0 SUCCESS [ 0.449 s] [INFO] guacamole-auth-jdbc 1.3.0 .. SUCCESS [ 0.005 s] [INFO] guacamole-auth-jdbc-base 1.3.0 . SUCCESS [ 2.761 s] [INFO] guacamole-auth-jdbc-mysql 1.3.0 SUCCESS [ 3.156 s] [INFO] guacamole-auth-jdbc-postgresql 1.3.0 ... SUCCESS [ 2.894 s] [INFO] guacamole-auth-jdbc-sqlserver 1.3.0 SUCCESS [ 2.784 s] [INFO] guacamole-auth-jdbc-dist 1.3.0 . SUCCESS [ 0.839 s] [INFO] guacamole-auth-saml 1.3.0 .. SUCCESS [ 0.744 s] [INFO] guacamole-toto 1.3.0 ... SUCCESS [ 0.122 s] [INFO] guacamole-client 1.3.0 . SUCCESS [ 2.615 s] [INFO] [INFO] BUILD SUCCESS [INFO] Tomcat is stopped, the war copied in the right place, Tomcat is started.I checked and the html file and the manifest are in the war.Still, nothing is displayed on the logon page. What am I missing? How can I debug this? Thanks,Sam