On Thu, Jun 18, 2020 at 1:00 AM Abdul Qadir (aqadir) <[email protected]> wrote:
> ... > > From browser above given link was opened but facing issue in login. > > > > From where I can collect the log and information for review? > The Guacamole logs will be the Tomcat logs. Where these logs are specifically will depend on how Tomcat was installed. On CentOS / RHEL, for example, the provided "tomcat" package logs things to the systemd journal. On other distributions, the log may be /var/log/tomcat/catalina.out or /var/log/tomcat8/catalina.out or similar. If Tomcat was installed manually, there should be some sort of log directory that was created as part of that installation process, and the Tomcat logs will be in there. Also, we want to integrate Guacamole capabilities in our solution for RDP > of windows servers. > > We want to know how can we form the http url so that it will > automatically login into the Guacamole server and the machine for which we > want to RDP wit credential and other parameters. > > Any example or documentation? > You should definitely *not* use the approach you describe above. Embedding credentials or connection details within the URL would expose sensitive information and allow users to manipulate their connection details beyond what the administrator dictates. A key design aspect of Guacamole is that users of the system should not be able to connect to any machine that the administrator has not explicitly granted them access. If you are integrating Guacamole within another application, then it should be the application which grants this access, but users should still not be able to manipulate this. Your main options here are: 1) Use features of Guacamole provided out-of-the-box, like Active Directory integration (via LDAP) and credential passthrough. Depending on what you're trying to achieve, this may already be what you're looking for. 2) Leverage an extension which allows an external application to provide authentication and authorization details via the URL, but does so in such a way that user manipulation is not possible. I wrote such an extension some time ago for my day job, and there may be other similar extensions elsewhere: https://github.com/glyptodon/guacamole-auth-json 3) Write your own extension which directly integrates whichever authentication and authorization system your application provides. The Guacamole extension API ( http://guacamole.apache.org/doc/gug/guacamole-ext.html) is quite flexible, and allows you to derive connection information however you see fit. There are basic examples on writing an extension within the manual and within the guacamole-client source. - Mike
