On Mon, Jul 30, 2018 at 3:19 PM Bime, Kerman K. (GSFC-606.2)[InuTeq, LLC] < kerman.k.b...@nasa.gov> wrote:
> To whom it may concern, > > > > Could you provide more information on configuring guacamole.properties for > HTTP Header Authentication. The manual/documentation essentially just says > to drop the jar file in GUAC_Home/extensions. > Yes, and reload Tomcat or the re-deploy the Guacamole WAR file. The only thing to configure within Guacamole is if you want to change the header that's used to something other than REMOTE_USER, you can set that, as well. Other than that, you also have to set up your web server to provide that authentication - you can do this in Tomcat (or your Java Application Server - Jetty, JBOSS, etc.), or you can do it on an upstream reverse proxy server, like Nginx or Apache httpd. You can find examples of how to configure this for Nginx at the following page: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ > > > I understand that this needs to be layered on top of a db like MySql > (which I have setup), however it does’t provide more info that. For the lay > person, i would like some sort of direction of how to configure that > portion. Also, any info besides how to configure and more on what > information I need to give guacamole.properties to make it http auth work > would be great. > > > You'll basically want to take a look at the chapter on JDBC configuration and configure that. Layering the modules does not require anything special, per se - you install and configure each of the modules, and the "layering" happens automatically. It is done via username, so if the username of your user logged in via the HTTP header module matches one present in the JDBC module, the permissions in the JDBC module will be assigned to that user. You might find the following section helpful - it deals with LDAP + JDBC, but really applies anything, including Header auth, plus JDBC: http://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database Feel free to post back if you have additional questions! -Nick