Hi Nick, I am working to build a portal for users, with all connections categorized and presented in our own style. Also, as you suggested, I am using the Header authentication module in combination with the JDBC module; however, rather than getting all end users registered to guacamole client, I am looking to access guacamole with a dedicated account for all end users. I have a proxy (nginx) in front of the guacamole client, and the proxy set the authentication header for all end users.
Ideally, I am looking to change the anchor for clients (/#/client/<encoded_connection_id>) to a query string (?client=encoded_connection_id), so that I can handle the URL with nginx. Is this possible? If not, can I just remove the home module? Thanks, Yang > On Dec 10, 2019, at 06:19, Nick Couchman <vn...@apache.org> wrote: > > On Mon, Dec 9, 2019 at 5:22 AM Yang Yang <yy8...@icloud.com.invalid> wrote: > Hello, > > Is it possible to get a static URL for each connection? > > With default setting, users can access a connection with > https://guacamole_client_addr_and_port/guacamole/#/client/encoded_connection_id > > <https://guacamole_client_addr_and_port/guacamole/#/client/encoded_connection_id>. > I put guacamole client behind a proxy, and using auth header for > authentication, I want to offer some customers access to a few connections > directly while not allowing them to access the client portal. > > > Maybe you could let us know why it is that you don't want customers to be > able to access the "client portal" - by which, I'm assuming you mean, the > Guacamole home page? > > All of the connection URLs are generated based on the connection data - the > "encoded_connection_id" you mention will always be the same for a given > connection, so you can provide users those URLs, and it will take them > straight to the connection. However, it will not prevent them from going to > the home page. > > I would recommend that you use the Header authentication module in > combination with the JDBC module and assign permissions such that users are > only able to see the connections that they are allowed to access. Then, even > if they can get to the home page, it shouldn't matter, as they'll only be > able to see the connections that you want them to see. > > -Nick
