Hi Mike
Thanks for getting back to me, appreciate it. I have put \n at the end of each line – and confirmed with 3 online JSON validators that its valid JSON. Yet its still not working- keeps asking for passphrase key. The issue isn’t the JSON being generated, at the moment I am manually doing it to confirm its working, and then passing it through your encrypt-json.sh script to get the output and put that into https://<GACAMOLE>/#/?tokens <https://contactmonkey.com/api/v1/tracker?cm_session=46fe7273-d1c3-4014-b978-7cbacdfed80a&cm_type=link&cm_link=b887b031-2383-4502-a982-527ac550b1de&cm_destination=https://%3cGACAMOLE%3e/#/?tokens> to get the token, then passing it to https://<GACAMOLE>/#/?token= <https://contactmonkey.com/api/v1/tracker?cm_session=46fe7273-d1c3-4014-b978-7cbacdfed80a&cm_type=link&cm_link=e92dd8c9-8b90-4ca6-87d2-8aec2f36814d&cm_destination=https://%3cGACAMOLE%3e/#/?token=> to load the page. I am doing it this way to make sure it all works – and doing this exact thing with using a json that doesn’t have a key, but has a password works. An ssh’ing into the client machine from this exact server while passing this rsa_dsa key (via the ssh –I RSA_DSA file) also works (doenst ask for a password). So from this, I know the key works using ssh directly, and I know the API works, and the json file format works when not using a multi line key. But adding the 2 together fails. So I am stuck and frustrated as to where else I can look to a resolution. Thanks again Paul *From:* Mike Jumper [mailto:[email protected]] *Sent:* Wednesday, 1 May 2019 3:26 AM *To:* [email protected] *Subject:* Re: Sending private-key in json (using API to open session) Hi Paul, Ultimately, you will need to ensure the JSON is valid JSON. The issue you're seeing is not due to something specific to Guacamole - you're simply getting low-level parse errors because the JSON is invalid. It's difficult to see where exactly the failure lies in the censored JSON snippet, but overall: 1. Make sure you do not have line breaks within the string. You can have newlines within a string value, but these need to be represented as "\n". You don't need to use Windows-style "\r\n" - "\n" will do. 2. Make sure you have not accidentally entered a double-quote within the string which would cause the string to end and the rest of its value to be interpreted as raw JSON. I don't believe the private key value would ever normally have such a character in it, but the solution if it were needed would be to backslash escape it. The same goes for other characters that JSON would assign special meaning to within strings, like backslashes themselves. If you still see JSON parse failures after this, I suggest opening things up in a text editor which will not wrap lines, so you can easily tell whether your private key line still contains line breaks. You might also try pasting the JSON into a JSON validator, which might give help you find the specific part in your file that is failing. If you will be programmatically generating the JSON in practice, the JSON library you use should take care of automatically and correctly escaping string values. - Mike On Tue, Apr 30, 2019 at 4:36 AM Paul A <[email protected]> wrote: Hi Does anyone have any ideas on storing the private-key in the json, that Guacamole can actually read? Thanks Paul ------------------------------------------------------------- Hi Thanks for replying quickly. What about the encoding of the data, and encrypting it with the key? Before you can send data to that URL (same as what we send ours to), you need to do those 2 things, which is done as an example with the encrypt-json.sh file (provided by Mike) I gave it a go though I tired to just put some data and got this in postman: { "message": "Permission denied.", "translatableMessage": { "key": "Permission denied.", "variables": null }, "statusCode": null, "expected": [], "type": "INVALID_CREDENTIALS" } And this in the log file: [http-nio-8080-exec-20] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [ 172.19.198.2] for user "paul" failed. -----Original Message----- From: sciUser [mailto:[email protected] <[email protected]>] Sent: Friday, 26 April 2019 5:10 PM To: [email protected] Subject: Re: Sending private-key in json (using API to open session) How we do it: We use curl to post : curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=SOMEUSERNAME&password=SOMEPASSWORD' https://<Guacamole>/guacamole/api/tokens <https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=link&cm_link=c818cd5d-b25c-4fec-afa4-d67dd9b3d0ab&cm_destination=https://%3cGuacamole%3e/guacamole/api/tokens> This will generate a one time token for that user to login with then it will expire, but the connection will remain as long as the session is active in the browser. The return/redirect link should look like this: https://<Guacamole>/guacamole/#/client/?token=5AD2069FD0F6788848BBE23B6095816EA2B5CEBB1EF07F76051010E050C70063 <https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=link&cm_link=9105440c-d4a3-4c88-bdd0-a97ba09f2b4f&cm_destination=https://%3cGuacamole%3e/guacamole/#/client/?token=5AD2069FD0F6788848BBE23B6095816EA2B5CEBB1EF07F76051010E050C70063> Our Provisioning system does all this on the fly and manages Guacamole directly. Hope this helps. Thank You -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ <https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=link&cm_link=b4107129-2a40-41e2-89d3-541d2a56013e&cm_destination=http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/> [image: https://contactmonkey.com/api/v1/tracker?cm_session=46fe7273-d1c3-4014-b978-7cbacdfed80a&cm_type=open&[email protected]]
