[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication
[ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358797#comment-16358797 ]

Nick Couchman commented on GUACAMOLE-29:

And one more question, here. Is the idea here that Guacamole throws a 401 allowing an upstream server to authenticate, and then Guacamole accepts the authentication (similar to the Header authentication module)? Or is the idea that Guacamole throws a 401 to trigger authentication, and that the authentication information provided gets passed back to Guacamole (perhaps to another underlying module) for validation?

> Add support for requesting HTTP Basic Authentication
>
> Key: GUACAMOLE-29
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-29
> Project: Guacamole
> Issue Type: Improvement
> Reporter: Michael Jumper
> Priority: Minor
>
> {panel:bgColor=#EE}
> *The description of this issue was copied from
> [GUAC-1489|https://glyptodon.org/jira/browse/GUAC-1489], an issue in the JIRA
> instance used by the Guacamole project prior to its acceptance into the
> Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance
> *have not been copied* and can be found instead at the original issue.
> {panel}
> Some reverse proxies support SSO via HTTP Basic authentication if the server
> requests it with 401 Unauthorized response.
> As Guacamole already reads Authorization header, it looks trivial to add
> guacamole.properties option such as "enable-http-basic-auth", to tell
> Guacamole to request HTTP Basic Authentication.
> PR on its way :)
> Thanks!

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication
[ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16358778#comment-16358778 ]

Nick Couchman commented on GUACAMOLE-29:

So, in developing this under the assumption that the changes in 504 will be good (rebased on top of those changes), I ran into one more issue. This also requires a specific header to be set (WWW-Authenticate), which isn't currently possible to do from an extension. I went ahead and implemented it, anyway, which you'll see in the PR as soon as the changes in 504 go through, but not sure my way of doing it is really the best way to go about it, or if there's even a good way to deal with that. Anyway, again, we'll see that once 504 is done.
[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication
[ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356460#comment-16356460 ]

Nick Couchman commented on GUACAMOLE-29:

Opened GUACAMOLE-504 for the HTTP Status Code, and submitted a PR.
[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication
[ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356033#comment-16356033 ]

Michael Jumper commented on GUACAMOLE-29:

Actually ... I'm not quite right, there. An extension *can't* just override the HTTP status with a subclass, as the HTTP status is dictated by the {{GuacamoleStatus}}. If we wanted to allow this, we could provide an analogous {{getHttpStatusCode()}} function at the {{GuacamoleException}} level, with the default implementation being to derive that from {{GuacamoleStatus}}.
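The design proposed in the comment above, as an added sketch that is not code from Guacamole or from either commenter: the exception supplies the HTTP code, deriving it from the status by default, and one opt-in subclass asks for 401. The classes reuse names from the thread but are minimal stand-ins defined here; `BasicAuthRequiredException`, `toResponse` and the realm value are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class StatusOverrideDemo {
    // Stand-in status enum. Per the thread, CLIENT_UNAUTHORIZED maps to 403, not 401.
    enum GuacamoleStatus {
        CLIENT_UNAUTHORIZED(403), CLIENT_FORBIDDEN(403);
        final int httpCode;
        GuacamoleStatus(int httpCode) { this.httpCode = httpCode; }
    }

    // Stand-in base exception: the HTTP code is derived from the status by default.
    static class GuacamoleException extends Exception {
        private final GuacamoleStatus status;
        GuacamoleException(String message, GuacamoleStatus status) {
            super(message);
            this.status = status;
        }
        GuacamoleStatus getStatus() { return status; }
        int getHttpStatusCode() { return status.httpCode; }
    }

    static class GuacamoleUnauthorizedException extends GuacamoleException {
        GuacamoleUnauthorizedException(String message) {
            super(message, GuacamoleStatus.CLIENT_UNAUTHORIZED);
        }
    }

    // Hypothetical extension-side subclass: same status, but requests HTTP 401.
    static class BasicAuthRequiredException extends GuacamoleUnauthorizedException {
        BasicAuthRequiredException(String message) { super(message); }
        @Override int getHttpStatusCode() { return 401; }
    }

    // Hypothetical response mapping: only a 401 carries the Basic challenge header.
    static Map<String, String> toResponse(GuacamoleException e) {
        Map<String, String> response = new LinkedHashMap<>();
        response.put("status", String.valueOf(e.getHttpStatusCode()));
        if (e.getHttpStatusCode() == 401)
            response.put("WWW-Authenticate", "Basic realm=\"demo\""); // constructed realm
        return response;
    }

    public static void main(String[] args) {
        // An ordinary credential failure keeps the default code taken from the status.
        System.out.println(toResponse(new GuacamoleUnauthorizedException("invalid login")));
        // Only the opt-in subclass produces a 401 with a challenge.
        System.out.println(toResponse(new BasicAuthRequiredException("challenge")));
    }
}
```

Because the override lives in one subclass, exceptions that rely on the CLIENT_UNAUTHORIZED status keep their existing HTTP code, so a browser's native Basic prompt is not triggered by ordinary login failures.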
[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication
[ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16356027#comment-16356027 ]

Michael Jumper commented on GUACAMOLE-29:

I'm not sure. To me, it seems a bit too much of a corner case to dedicate a top-level configuration parameter like the description suggests. I wouldn't be against supporting this via an extension, though.

Now that the HTTP status code is determined completely by {{GuacamoleException}} (due to your changes via GUACAMOLE-499), this can actually work. The extension can use its own subclass of {{GuacamoleUnauthorizedException}} to specify an HTTP status code of 401.
[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication
[ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16351633#comment-16351633 ]

Nick Couchman commented on GUACAMOLE-29:

So, [~mike.jumper], for this particular issue, is it:

* Worth doing?
* Worth doing in the main Guacamole application?
* Worth trying to do in an extension, instead?
* Not worth it, since the HTTP Header extension is available?

I took a look at the original pull request submitted on the Glyptodon repo, and the code has changed significantly since then, and I'm not sure it makes sense at all to try to override the status code being sent back. In the current version the CLIENT_UNAUTHORIZED status is pushed over to a 403 status code instead of 401, with specific notes about 401 causing potentially unwanted behavior. Furthermore, the various CredentialException classes seem to rely on this in order to function, as they all throw the CLIENT_UNAUTHORIZED status instead of CLIENT_FORBIDDEN. So, obviously it isn't as simple as just setting the status code to 401, as that would have larger implications.

Thoughts?

> Add support for requesting HTTP Basic Authentication
>
> Key: GUACAMOLE-29
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-29
> Project: Guacamole
> Issue Type: Improvement
> Reporter: Michael Jumper
> Priority: Major