Thanks Mike for detailed information and saving hours in pursuing wrong path.
I'd definitely look into custom auth and build something for us. I'm simply looking for a web callback as authentication mechanism. Let me know if its already present while I proceed to develop one. And in case I'm getting it working, can I contribute it back ? - Rishi On Tue, Oct 18, 2016 at 3:54 AM, Mike Jumper <mike.jum...@guac-dev.org> wrote: > On Tue, Oct 11, 2016 at 3:41 AM, Rishi <2rushike...@gmail.com> wrote: > >> Hello All, >> >> > Hello Rishi, > > >> I'm using guacamole in an automated fashion such that after completing >> the external authentication, a new user-mapping.xml is generated. >> > > The intended mechanism for integrating Guacamole with external > authentication is not through auto-generating XML, but rather through > extensions: > > http://guacamole.incubator.apache.org/doc/gug/guacamole-ext.html > > http://guacamole.incubator.apache.org/doc/gug/custom-auth.html > > More on this below. > > The guacamole authentication in this case works correct however websocket >> connection for console happens to the last consoled vm. It is not able to >> properly disconnect last websocket session upon generation of new >> user-mapping.xml. I suspect its the cookies ! >> >> > Guacamole doesn't use cookies in this way, but the authentication > mechanism that uses user-mapping.xml will cache the connections available > to a particular user once they log in, associating that information with > their session from that point forward. They will not see the results of > changes to that file until after they log out (or until they log in > elsewhere). > > If a new browser is used then the problem does not seem to appear. >> > > Yep. See above. > > >> So, would like to know how can I force flush cookies (if thats the >> problem) whenever guacamole UI is reloaded ? >> > > I don't think you should continue pursuing a solution driven by > user-mapping.xml. That authentication method is intentionally simple, and > not intended to serve as the middle ground between Guacamole and an > external authentication system. It's really aimed at simple deployments, or > as a quick way to verify that Guacamole works as expected before moving on > to something like LDAP or a database. > > In your case, where the idea is to integrate Guacamole with an external > system, I highly recommend developing an extension which does so. Guacamole > provides an API to achieve exactly this, and it's how the other > authentication extensions were written. There's no need to hack things > together using XML as an intermediary. > > - Mike > >
