On Mon, Dec 9, 2019 at 1:34 PM Justin Phelps <jus...@onitato.com> wrote:
> I'm currently struggling to figure out how to configure guacamole properly > given my authentication situation. > > I have an Apache proxy setup in front of guacamole, and I use an Apache > module to handle authentication of the incoming users. This provides a > collection of HTTP Headers that can be used for identification of the user. > The proxy also doesn't allow any unauthenticated users to access guacamole > directly. > > The assumption here is if a user has successfully authenticated, they have > access to *all* the connections configured in the user-mapper.xml file. > > The user-mapper.xml file does not "stack" with the other authentication modules in the same way, so you cannot use this module in combination with other authentication modules. It is designed to be a very simple way to test that your install is working correctly, but is not really something that scales well for larger use-cases. If you need to combine the header module with some other module for storing connections, the most common and probably easiest thing to do is to use the JDBC module to store connections. Aside from that, you could either write your own module for storing the connections, or Mike has one that takes JSON input, I believe, for facilitating pulling in connection data that way without having to set up a database. -Nick >