Do you know if it is possible to layer this with OpenID so that I don’t have to provide passwords or usernames and just supply connection information here that works for anyone who gets past the OpenID challenge?
> On Aug 21, 2019, at 6:55 PM, Ryan Underwood <[email protected]> wrote:
>
> auth-json lives here last I saw:
> https://github.com/glyptodon/guacamole-auth-json
> It works just fine.
> -Ryan
>
> -----Original Message-----
> From: Nick Couchman <[email protected]>
> Sent: Tuesday, August 20, 2019 12:27 PM
> To: [email protected]
> Subject: Re: OpenID and NoAuth / user-mapping.xml ?
>
> On Tue, Aug 20, 2019 at 12:20 PM Mike Sollanych <[email protected]> wrote:
>
> Thanks for your response, Nick.
>
> However, I wonder does the Consul service discovery have any sort of API that could be leveraged to dynamically pull connection information?
>
> Yes, it's intended for exactly this kind of thing. https://www.consul.io/api/index.html is the tip of the iceberg. Most likely it would make sense for the user to create a Prepared Query https://www.consul.io/api/query.html and then provide the ID of that to Guacamole or whatever piece of middleware in order to have it run the query and get back the right set of services. This should provide good abstraction and save the middleware from having to implement a lot of logic.
>
> Yeah, I started poking at it a bit last night - I had never heard of Consul before, but it looks really cool, and the API looks reasonably easy to use.
>
> In your implementation, would you be trying to leverage any sort of access control as provided by Consul, or do you just want any user who logs in with OpenID to see any of the services available from Consul?
>
> Sounds like Consul can spit out formatted output - XML, maybe JSON. An extension could be written to leverage this - I'd lean toward JSON output, myself, but probably doesn't matter that much.
>
> This is often done via another complementary product, Consul Template - https://github.com/hashicorp/consul-template - which can read data from Consul and render it out using the Go Template syntax into literally any kind of format. JSON is supported with a built-in serializer, so the template would be very succinct. We can source data from service registrations, which have tags that would make it easy to pass data along. Passwords for VNC etc. can be sourced from Hashicorp Vault for the security-conscious or via some other mechanism if that's overkill for the environment in question.
>
> it actually shouldn't be too bad to write scripts in one of several languages, or even some SQL procedures in your DB of choice that would ease this.
>
> I've thought about doing this and am confident it could be done - automation to pre-seed the database when I am reconstructing the entire environment from scratch is pretty straightforward with your SQL script generator, and then it's just a matter of using Consul-Template to spit out a database script that truncates a table and repopulates it. It just seems a little bit hackish / non-idiomatic and I don't want to build something here that I'm going to have to do a lot of maintenance on later.
>
> Oh, yes, I agree it is hackish, particularly since Consul provides an API.
>
> If there is in fact some JSON-based extension around that I could try for this, I would appreciate a link to it!
>
> Mike will have to provide this - he's referenced it, but I'm not entirely sure where it lives at the moment, what its working state is, or even how to use it.
>
> -Nick
