Hello Everyone,
First of all, great respect for Mike Jumper and for all of those who are
behind this amazing software particularly when you think of the complexity
of this project: from guacd service, guacamole web app and several
authentication extensions.
Second, I just read that version 1.x.x is going to be released and look
forward to it.
Now, to my trivial questions:
I have installed the guacamole-auth-json authentication extension. I have
tested it and gotten the right output as indicated in the README.md file of
the source code of this extension as shown below. The message is decrypted
and verified and hence the authToken is generated and returned.

{
    "username" : "USER200",
    "expires" : "1524000000000",
    "connections" : {
    }
}

json-secret-key: c2094ccb11ef2c5cbdc148979f5551cd

curl --data-urlencode \
    "data=Y1BsShW4AoCzKet6BFf8hMrNl2Wnx9BTuFtRDePiTFY+uzNZ6a/bCRB6gkE/jfuKst7ucqgaRIOeVuq/q3xxmOaYC71cPc4ab1YGqdOEsR/MoZl6TR9nYqlsriDlm50s/zWGGNg2ZlXuxlvrLQpVFPrQQbNrPgJ2o9GK2rigaiGYpFiF6mHSATeaSmC3o3RW" \
    http://localhost:8080/guacamole/api/tokens

{"authToken":"F27DC43AF0F16CD89365E70270256F525A7FE7D0619AEE650D444C00A169C0FB","username":"USER200","dataSource":"json","availableDataSources":["mysql","mysql-shared","json"]}

1 --- How do I use the above token to log in automatically, similar to the
normal way of specifying the username and password as shown below to
log in automatically?
http://localhost:8080/guacamole/#/?username=USER200&password=MYPASS200
2 --- Also, it seems that whenever I add/specify a password using the
"password" name parameter in the JSON data, guacamole does not return a
valid token (tried this several times). So why is that? And actually in the
README.md example, the password keyword is not used, which I believe is
essential for the automatic login mechanism mentioned above.
3 --- How should I configure guacamole to accept ONLY JSON encrypted and
hashed messages for the login mechanism and reject login messages that are not
encrypted and hashed? Because I can still log in normally even after
configuring guacamole to use the JSON Secret Key (json-secret-key:
4c0b569e4c96df157eee1b65dd0e4d41).
I am assuming the following order of operation; it would be great if someone
can confirm/correct since this is crucial to understand the whole process.
Message is received ---> Message is decrypted and hash is verified
---> JSON data is parsed/extracted ---> username and password are passed to
the authentication provider extension and are compared against
database/user-mapping.xml/others ---> once authenticated, the
guacamole-auth-json extension will generate a token and forward it back to the
user/client
Thank you all
YT
--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
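
The "encrypted and hashed" message format that the guacamole-auth-json README documents (HMAC-SHA256 signature prepended to the JSON, AES-128-CBC with an all-zero IV, then base64), together with the decrypt-then-verify order asked about above, as an added example that is not part of the original message or the project's own code. The function names, key and JSON are constructed for illustration, and the `openssl` CLI is assumed to be installed; the output of `sign_encrypt` is what goes into the `data` parameter of the curl request shown in the message.

```bash
#!/usr/bin/env bash
# Added example. SAMPLE_KEY and SAMPLE_JSON are constructed values, not a real secret.
ZERO_IV=00000000000000000000000000000000

# hmac_hex KEY: hex HMAC-SHA256 of stdin under the 128-bit hex key
hmac_hex() {
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -binary | od -An -tx1 | tr -d ' \n'
}

# sign_encrypt KEY JSON: base64 of AES-128-CBC( HMAC(JSON) || JSON )
sign_encrypt() {
    {
        printf '%s' "$2" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -binary
        printf '%s' "$2"
    } | openssl enc -aes-128-cbc -K "$1" -iv "$ZERO_IV" -nosalt -a -A
}

# decrypt_verify KEY BASE64: prints the JSON only if decryption succeeds and the
# 32-byte signature in front of it matches; returns 1 for anything else.
decrypt_verify() {
    dv_tmp=$(mktemp) || return 2
    dv_rc=1
    if printf '%s' "$2" | openssl enc -d -aes-128-cbc -K "$1" -iv "$ZERO_IV" \
            -nosalt -a -A > "$dv_tmp" 2>/dev/null; then
        dv_sig=$(head -c 32 "$dv_tmp" | od -An -tx1 | tr -d ' \n')
        dv_want=$(tail -c +33 "$dv_tmp" | hmac_hex "$1")
        if [ "${#dv_sig}" -eq 64 ] && [ "$dv_sig" = "$dv_want" ]; then
            tail -c +33 "$dv_tmp"      # signature checked: release the JSON
            dv_rc=0
        fi
    fi
    rm -f "$dv_tmp"
    return "$dv_rc"
}

SAMPLE_KEY=000102030405060708090a0b0c0d0e0f
SAMPLE_JSON='{"username":"USER200","expires":"1524000000000","connections":{}}'

# Round trip: build the payload, then recover the JSON from it.
payload=$(sign_encrypt "$SAMPLE_KEY" "$SAMPLE_JSON")
printf 'data=%s\n' "$payload"
decrypt_verify "$SAMPLE_KEY" "$payload" && echo
```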