> For what it's worth, I did a quick implementation of an authentication
> extension that talks to the Consul.IO HTTP API to get service information.
> Code repository is here:
> https://github.com/necouchman/guacamole-auto-consulio

Fantastic effort, Nick, this is incredibly appreciated. I will try it out within a day or so and give you some feedback.

Particularly excellent is this:

> The protocol must be specified in the ServiceMeta node as "protocol", and any
> additional connection parameters can be specified in the ServiceMeta node and
> will be added to the Guacamole connection.

This will help make sure it's very configurable and seems idiomatic to the way people will use Consul, so great call there.

The only thing that will be problematic here will be the actual authentication of a VNC session as we use passwords on those, which is something I'd probably not bake into Consul tags as it's far too easy to run Consul in a far-too-open sort of state.

Any idea if we can simply have Guacamole prompt for a VNC password on connect? That's good enough for me for now, considering it's going to be a shared password anyhow.

-Mike

________________________________
From: Nick Couchman <[email protected]>
Sent: Saturday, August 24, 2019 12:20 PM
To: [email protected] <[email protected]>
Subject: Re: OpenID and NoAuth / user-mapping.xml ?

On Tue, Aug 20, 2019 at 12:26 PM Nick Couchman <[email protected]> wrote:

On Tue, Aug 20, 2019 at 12:20 PM Mike Sollanych <[email protected]> wrote:

Thanks for your response, Nick.

> However, I wonder does the Consul service discovery have any sort of API that
> could be leveraged to dynamically pull connection information?

Yes, it's intended for exactly this kind of thing. https://www.consul.io/api/index.html is the tip of the iceberg. Most likely it would make sense for the user to create a Prepared Query https://www.consul.io/api/query.html and then provide the ID of that to Guacamole or whatever piece of middleware in order to have it run the query and get back the right set of services. This should provide good abstraction and save the middleware from having to implement a lot of logic.

Yeah, I started poking at it a bit last night - I had never heard of Consul before, but it looks really cool, and the API looks reasonably easy to use.

For what it's worth, I did a quick implementation of an authentication extension that talks to the Consul.IO HTTP API to get service information. Code repository is here:

https://github.com/necouchman/guacamole-auto-consulio

It's currently written against the 1.0.0 code, and is pretty basic - just pulls in any service found in Consul.IO that is tagged with "guacamole" and lists it out on the home page. Does not attempt any permission checks or anything like that, and doesn't even support TLS/SSL connection to the Consul.IO service at this point. Definitely could be improved upon to leverage some of the additional features of Consul.IO, but it works (for me :-).

-Nick
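The following is an added example, not part of the thread and not code from the guacamole-auto-consulio repository: a sketch of the ServiceMeta-to-connection mapping discussed above that refuses to copy credential-like keys out of Consul. The sample catalog data, the `SECRET_MARKERS` deny-list and the function names are assumptions made for illustration.

```python
import json

# Constructed sample shaped like a Consul /v1/catalog/service/<name> response.
SAMPLE_CATALOG = json.loads("""
[
  {"Node": "lab-01", "Address": "10.0.0.11", "ServiceName": "lab-vnc",
   "ServiceAddress": "", "ServicePort": 5901, "ServiceTags": ["guacamole"],
   "ServiceMeta": {"protocol": "vnc", "color-depth": "16", "password": "hunter2"}},
  {"Node": "lab-02", "Address": "10.0.0.12", "ServiceName": "lab-ssh",
   "ServiceAddress": "10.0.0.99", "ServicePort": 22, "ServiceTags": ["guacamole"],
   "ServiceMeta": {"protocol": "ssh"}},
  {"Node": "db-01", "Address": "10.0.0.20", "ServiceName": "postgres",
   "ServiceAddress": "", "ServicePort": 5432, "ServiceTags": ["db"],
   "ServiceMeta": {}},
  {"Node": "lab-03", "Address": "10.0.0.13", "ServiceName": "lab-misc",
   "ServiceAddress": "", "ServicePort": 3389, "ServiceTags": ["guacamole"],
   "ServiceMeta": {"color-depth": "24"}}
]
""")

# Assumed deny-list: meta keys that look like credentials are never copied.
SECRET_MARKERS = ("password", "passphrase", "private-key", "secret", "token")

def is_secret(key):
    k = key.lower()
    return any(marker in k for marker in SECRET_MARKERS)

def to_connections(entries, tag="guacamole"):
    """Return (connections, warnings) built from catalog entries."""
    connections, warnings = [], []
    for e in entries:
        if tag not in (e.get("ServiceTags") or []):
            continue  # only services explicitly tagged for Guacamole
        meta = dict(e.get("ServiceMeta") or {})
        protocol = meta.pop("protocol", None)
        if not protocol:
            warnings.append(f"{e['ServiceName']}: no 'protocol' in ServiceMeta, skipped")
            continue
        # An empty ServiceAddress means the service listens on the node address.
        params = {"hostname": e.get("ServiceAddress") or e["Address"],
                  "port": str(e["ServicePort"])}
        for key, value in meta.items():
            if is_secret(key):
                warnings.append(f"{e['ServiceName']}: secret-like key '{key}' ignored")
            else:
                params[key] = value
        connections.append({"name": e["ServiceName"], "protocol": protocol,
                            "parameters": params})
    return connections, warnings
```

The warnings list gives an operator a place to spot credentials that have been placed in Consul metadata, so they can be removed at the source.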
