[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

2018-02-09 Thread Nick Couchman (JIRA)

[ 
https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358797#comment-16358797
 ] 

Nick Couchman commented on GUACAMOLE-29:


And one more question, here.  Is the idea here that Guacamole throws a 401 
allowing an upstream server to authenticate, and then Guacamole accepts the 
authentication (similar to the Header authentication module)?  Or is the idea 
that Guacamole throws a 401 to trigger authentication, and that the 
authentication information provided gets passed back to Guacamole (perhaps to 
another underlying module) for validation?

> Add support for requesting HTTP Basic Authentication
>
> Key: GUACAMOLE-29
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-29
> Project: Guacamole
> Issue Type: Improvement
> Reporter: Michael Jumper
> Priority: Minor
>
> {panel:bgColor=#EE}
> *The description of this issue was copied from 
> [GUAC-1489|https://glyptodon.org/jira/browse/GUAC-1489], an issue in the JIRA 
> instance used by the Guacamole project prior to its acceptance into the 
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance 
> *have not been copied* and can be found instead at the original issue.
> {panel}
> Some reverse proxies support SSO via HTTP Basic authentication if the server
> requests it with a 401 Unauthorized response.
> As Guacamole already reads the Authorization header, it looks trivial to add a
> guacamole.properties option such as "enable-http-basic-auth", to tell
> Guacamole to request HTTP Basic Authentication.
> PR on its way :)
> Thanks!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

2018-02-09 Thread Nick Couchman (JIRA)

[ 
https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358778#comment-16358778
 ] 

Nick Couchman commented on GUACAMOLE-29:


So, in developing this under the assumption that the changes in 504 will be 
good (rebased on top of those changes), I ran into one more issue.  This also 
requires a specific header to be set (WWW-Authenticate), which isn't currently 
possible to do from an extension.  I went ahead and implemented it, anyway, 
which you'll see in the PR as soon as the changes in 504 go through, but not 
sure my way of doing it is really the best way to go about it, or if there's 
even a good way to deal with that.  Anyway, again, we'll see that once 504 is 
done.



[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

2018-02-07 Thread Nick Couchman (JIRA)

[ 
https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356460#comment-16356460
 ] 

Nick Couchman commented on GUACAMOLE-29:


Opened GUACAMOLE-504 for the HTTP Status Code, and submitted a PR.



[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

2018-02-07 Thread Michael Jumper (JIRA)

[ 
https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356033#comment-16356033
 ] 

Michael Jumper commented on GUACAMOLE-29:

Actually ... I'm not quite right, there. An extension *can't* just override the 
HTTP status with a subclass, as the HTTP status is dictated by the 
{{GuacamoleStatus}}. If we wanted to allow this, we could provide an analogous 
{{getHttpStatusCode()}} function at the {{GuacamoleException}} level, with the 
default implementation being to derive that from {{GuacamoleStatus}}.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
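The design proposed in the comment above, as an added example that is not code from the Guacamole project or from this thread: the exception supplies the HTTP status code, by default derived from its status, and one subclass overrides it to request HTTP Basic authentication. `Status`, `BaseException`, `UnauthorizedException`, `BasicAuthRequiredException` and `toResponse` are simplified stand-ins, and the `SERVER_ERROR` entry and the realm value are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class StatusOverrideDemo {

    // Stand-in for GuacamoleStatus. The 403 mapping for CLIENT_UNAUTHORIZED is the one
    // described in the thread; SERVER_ERROR is constructed for contrast.
    enum Status {
        CLIENT_UNAUTHORIZED(403), SERVER_ERROR(500);
        private final int http;
        Status(int http) { this.http = http; }
        int getHttpStatusCode() { return http; }
    }

    // Stand-in for GuacamoleException: the HTTP code defaults to the status mapping.
    static class BaseException extends Exception {
        BaseException(String message) { super(message); }
        Status getStatus() { return Status.SERVER_ERROR; }
        int getHttpStatusCode() { return getStatus().getHttpStatusCode(); }
    }

    // Stand-in for an existing credential failure: still answered with 403, so
    // callers that rely on the current behaviour are unaffected.
    static class UnauthorizedException extends BaseException {
        UnauthorizedException(String message) { super(message); }
        @Override Status getStatus() { return Status.CLIENT_UNAUTHORIZED; }
    }

    // Hypothetical extension exception: same status, but opts in to a 401.
    static class BasicAuthRequiredException extends UnauthorizedException {
        BasicAuthRequiredException(String message) { super(message); }
        @Override int getHttpStatusCode() { return 401; }
    }

    // Hypothetical response mapping. A 401 without a WWW-Authenticate challenge
    // violates RFC 7235, so the header is attached whenever the code is 401.
    static Map<String, String> toResponse(BaseException e) {
        Map<String, String> response = new LinkedHashMap<>();
        int code = e.getHttpStatusCode();
        response.put("code", Integer.toString(code));
        response.put("status", e.getStatus().name());
        if (code == 401)
            response.put("WWW-Authenticate", "Basic realm=\"example\", charset=\"UTF-8\"");
        return response;
    }

    public static void main(String[] args) {
        System.out.println(toResponse(new UnauthorizedException("bad credentials")));
        System.out.println(toResponse(new BasicAuthRequiredException("login required")));
        System.out.println(toResponse(new BaseException("unexpected failure")));
    }
}
```

Only the opt-in subclass changes the code on the wire; every other exception that reports `CLIENT_UNAUTHORIZED` keeps the 403 mapping.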


[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

2018-02-07 Thread Michael Jumper (JIRA)

[ 
https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356027#comment-16356027
 ] 

Michael Jumper commented on GUACAMOLE-29:

I'm not sure. To me, it seems a bit too much of a corner case to dedicate a 
top-level configuration parameter like the description suggests. I wouldn't be 
against supporting this via an extension, though. Now that the HTTP status code 
is determined completely by {{GuacamoleException}} (due to your changes via 
GUACAMOLE-499), this can actually work. The extension can use its own subclass 
of {{GuacamoleUnauthorizedException}} to specify an HTTP status code of 401.



[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

2018-02-03 Thread Nick Couchman (JIRA)

[ 
https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16351633#comment-16351633
 ] 

Nick Couchman commented on GUACAMOLE-29:


So, [~mike.jumper], for this particular issue, is it:
* Worth doing?
* Worth doing in the main Guacamole application?
* Worth trying to do in an extension, instead?
* Not worth it, since the HTTP Header extension is available?

I took a look at the original pull request submitted on the Glyptodon repo, and 
the code has changed significantly since then, and I'm not sure it makes sense 
at all to try to override the status code being sent back.  In the current 
version the CLIENT_UNAUTHORIZED status is pushed over to a 403 status code 
instead of 401, with specific notes about 401 causing potentially unwanted 
behavior.  Furthermore, the various CredentialException classes seem to rely on 
this in order to function, as they all throw the CLIENT_UNAUTHORIZED status 
instead of CLIENT_FORBIDDEN.  So, obviously it isn't as simple as just setting 
the status code to 401, as that would have larger implications.

Thoughts?

> Add support for requesting HTTP Basic Authentication
>
> Key: GUACAMOLE-29
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-29
> Project: Guacamole
> Issue Type: Improvement
> Reporter: Michael Jumper
> Priority: Major
>
> {panel:bgColor=#EE}
> *The description of this issue was copied from 
> [GUAC-1489|https://glyptodon.org/jira/browse/GUAC-1489], an issue in the JIRA 
> instance used by the Guacamole project prior to its acceptance into the 
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance 
> *have not been copied* and can be found instead at the original issue.
> {panel}
> Some reverse proxies support SSO via HTTP Basic authentication if the server
> requests it with a 401 Unauthorized response.
> As Guacamole already reads the Authorization header, it looks trivial to add a
> guacamole.properties option such as "enable-http-basic-auth", to tell
> Guacamole to request HTTP Basic Authentication.
> PR on its way :)
> Thanks!


