On Thu, Apr 9, 2020 at 10:37 AM Howard Lander <[email protected]> wrote:
> Hi all > > We are running guacamole inside of a secured environment. By this I mean > that by the time the user can access our Guacamole server they have already > authenticated. So we really don't want them to have to authenticate again. > I see that there was a noauth extension, but it doesn't seem to be > supported in either version 1.0 or 1.1. I found the docs that describe how > to write a custom authentication module, but I'm not sure I want to go down > that path. What, if anything, is the currently approved method of providing > access without authentication? Did I just miss the noauth support in later > versions? If it matters. the service we are allowing the users to connect > to is VNC. > First, regarding the noauth module, no, you are not missing it in the current versions. It was deprecated in version 0.9.13 or 0.9.14, and completely removed from version 1.0.0 and later. Regarding working in a trusted environment, first, please read the following: http://guacamole.apache.org/faq/#disable-auth Beyond this, there are a couple of ways you can work through the authentication mechanism to make the experience more seamless for users. The most common is to use a SSO extension of some sort to authenticate through an existing SSO provider. Guacamole currently supports CAS and OpenID providers, and also has a Header authentication module that can be used to authenticate users through HTTP headers in trusted environments. http://guacamole.apache.org/doc/gug/cas-auth.html http://guacamole.apache.org/doc/gug/openid-auth.html http://guacamole.apache.org/doc/gug/header-auth.html Depending on your environment, another option is to use the parameter tokens as pass through authentication from Guacamole to your destination systems. This works particularly well in environments where you have AD authentication and use that with the LDAP extension, and then pass through the LDAP username and password to the RDP hosts that use the same AD domain. http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens -Nick >
