On Fri, Jun 28, 2019 at 11:17 AM sciUser <[email protected]> wrote:
> Hello
>
> We have beaten guacamole into submission and made it work the way we wanted
> it; in a multi tenant environment, if you have multiple browser tabs (Same
> Browser) opened and do not kill the cached cookie for authentication when
> leaving or refreshing and a user has access to multiple VMs, you will at
> times get the same VM because of the browser caching.

Guacamole is already intended for a multi-tenant environment. If you have an existing, independent, custom authentication and provisioning mechanism, you really should use Guacamole's systems as intended, leveraging the components meant to be used exactly for this (extensions). The extension system is specifically designed to allow integration with arbitrary authentication and provisioning/routing.

> In short we don't let guacamole write any new users to the database our API
> provisioning system handles all this and there is no need for LDAP which is
> slow layer.

Writing an extension does not require you to use LDAP nor a database. LDAP and the database are themselves specific implementations of extensions which leverage LDAP and a database for authentication and data storage. If you have a system that is dynamic, it would be better to integrate that directly.

> So we add the code to kill cookies to
> /var/lib/tomcat/webapps/guacamole/index.html
>
> We don't create extension but alter guacamole directly.

You really should instead write an extension. I get what you're trying to achieve, but the way to achieve that is through writing an extension that dynamically authenticates and routes users.

The approach you describe may be good enough for a POC, but I strongly recommend against continuing to use that approach in a production environment.

The Guacamole web application already provides a mechanism *specifically intended to serve the use case you describe*. That is what should be used here.

- Mike
