> > I don't think the logout will work for me as I have to hide all general > aspects of Guacamole (no home page, etc... ) to get the launch-in context. > I have put a trace in the shutdown() method but I'm not seeing it being > called (probably a side effect of the previous). > I'm happy to hear of the periodic clean up, I think/hope that will settle > my > worry. > > It's probably only called on Logout, or when the DELETE method is called on the api/tokens endpoint, so you'll have to do something with that in order to get it to run. You also could do something like override the tunnel connection methods in the Connection class and do something to make the credentials invalid as soon as the tunnel is connected such that someone can't reuse it. Depends on how concerned you are about someone being able to maliciously (re)use the credentials.
> Had to play some interesting games (comparing the new request to the > existing configuration of the user) to avoid re-authenticating uselessly as > updateAuthenticatedUser is called more often than expected but I think I > have it working now so I can serve a new authorization every time a new > target is invoked (within the same session or not). > You might take a look at these methods in some of the other modules, like the CAS, Duo, and Header ones, as they may behave similarly to how you're attempting to get your module to work. > > My next challenge now is to figure out a way to display a proper error > message when the authorization fails (there is no cascading to other > authorization plugin and none will do). Right now, all I get is a blank > page. > Again, might look at some of the other modules to get examples - throwing a GuacamoleInvalidCredentialsException or GuacamoleInsufficientCredentialsException should allow you to display a custom page (Form/Field) that gives the user a userful error message, or redirect the user to some other page for authentication (CAS, OAuth, Duo do this). -Nick
