> One of the key features that the user-mapping.xml authentication mechanism > does not support is layering with other modules, so this likely won't work.
Ok, I see -- user-mapping.xml is no-go. > > I tried rest api, but it seems to be broken, or at least guacapy > > library seems to be broken. It can fetch data, but it does not add > > anything, here is an issue: > > https://github.com/pschmitt/guacapy/issues/31 > I'm not familiar with this tool - it isn't something directly supported by > the project. Not sure if the author is lurking about here - if so, perhaps > they can chime in on it, but it's not a familiar tool to me. Ok, I ran tcpflow, recorded data exchange between the library and Guacamole server and now I see the problem -- all library's get_ and login methods are using GET and x-www-form-urlencoded and these are okay. I can simulate authentication procedure with curl: % curl -i -X POST "http://127.0.0.1:6060/api/tokens"; -d 'username=guacadmin&password=guacadmin' -H "Content-Type: application/x-www-form-urlencoded" HTTP/1.1 200 Content-Type: application/json Transfer-Encoding: chunked Date: Sun, 05 Apr 2020 18:31:05 GMT {"authToken":"A6F2080CE953348AF4D7CBA920F9986CEF46FEFC3DC75856924329C46945A596","username":"guacadmin","dataSource":"postgresql","availableDataSources":["postgresql","postgresql-shared"]} But add_* methods are using json, and they aren't working, here is tcpflow dump of add_user attempt: % cat 010.001.000.146.53620-010.001.000.174.06060 POST /api/session/data/postgresql-shared/connectionGroups?token=B9D5E7224FBDF70B77FF17C9712DD62F3EC393C0506A6E2B90F4739B8291AF30 HTTP/1.1 Host: g.aroma.ru:6060 Connection: keep-alive Accept-Encoding: gzip, deflate Accept: */* User-Agent: python-requests/2.23.0 Content-Length: 169 Content-Type: application/json "{\"parentIdentifier\":\"ROOT\", \"name\":\"iaas-099 (Test)\", \"type\":\"ORGANIZATIONAL\", \"attributes\":{\"max-connections\":\"\",\"max-connections-per-user\":\"\"}}" % cat 010.001.000.174.06060-010.001.000.146.53620 HTTP/1.1 500 Content-Type: application/json Transfer-Encoding: chunked Date: Sun, 05 Apr 2020 17:50:18 GMT Connection: close ac {"message":"Unexpected internal error","translatableMessage":{"key":"Unexpected internal error","variables":null},"statusCode":null,"expected":null,"type":"INTERNAL_ERROR"} 0 Even authentication does not work json style, again curl test: % curl -i -X POST "http://127.0.0.1:6060/api/tokens"; -d % '{"username":"guacadmin", "password":"guacadmin"}' -H "Content-Type: application/json" HTTP/1.1 500 Content-Type: application/json Transfer-Encoding: chunked Date: Sun, 05 Apr 2020 18:33:10 GMT Connection: close {"message":"Unexpected internal error","translatableMessage":{"key":"Unexpected internal error","variables":null},"statusCode":null,"expected":null,"type":"INTERNAL_ERROR"} Guacamole log: 18:49:34.482 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: Can not deserialize instance of java.util.ArrayList out of VALUE_STRING token at [Source: org.apache.catalina.connector.CoyoteInputStream@22bf9b00; line: 1, column: 2] Is it supposed to work at all with json bodies? And if I can't use POST and nested data as json, how to encode more complicated requests as application/x-www-form-urlencoded for user/connection adding?.. > You should be careful, but it is documented in the manual because we have > foreseen the possibility that folks will want to manipulate the data > directly. I spent last day migrating mysql data backend to postgres, because official guacamole/guacamole docker image does not support RDP printing while oznu/guacamole does, and oznu is postgres-based. And I had to move users and connections, hundreds of them were entered earlier. So, now I finished moving, it finally works and damn, I hate this stuff!! That's why I want to communicate with Guacamole via external API without digging into database. -- Roman V. Isaev http://www.isaev.ru Moscow, Russia --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
