Victor,
Noauth was removed from Guacamole 1.0.0 onwards, so the short answer is
that it won't work.
However you're not the only person that's wanted a similar mechanism,
there have been a few such requests and suggestions of how to best
achieve something similar within a particular environment. This forum
post may give you some further information:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Running-guacamole-inside-of-a-secured-environment-td7922.html
I seem to recall other discussions so a trawl through the list may be
worthwhile.
As a complete aside I like your quotation from Antoine de Saint Exup�ry
and was reminded of not dis-similar lines from Michelango Buonarroti a
few hundred years prior. I expect you've read some of his literature,
but if not I thoroughly recommend it - incl his madrigals.
On 20/06/2020 2:27 a.m., Victor Norman wrote:
A little background: my goal was to move our project showcase system from
Ubuntu 16.04, tomcat7, guacamole 0.9.9 with auth-noauth, to
Ubuntu 20.04, tomcat9, guacamole 1.1.0 (at least) with auth header-auth.
However, we're finding there are just too many changes to do all of
this at once.
So, now the plan is to just take the existing system -- guacamole
0.9.9 with auth-noauth -- and move it to Ubuntu 20.04 -- changing as
little as possible to get it working... except, tomcat7 must be
replaced by tomcat9.
I have the new system set up, and everything *looks* good, but when I
go to the main page (http://agora.cs.calvin.edu:8080), it does not
take me to my home page but, after a bit of delay, to the login page.
Looking at the console logs, I see this:
POST http://agora2004.cs.calvin.edu:8080/agora/api/tokens 403
I don't know if that really is the problem, but I don't see that on my
old server on Ubuntu 16.04.
When I drill down on that error, I see this:
1.
2.
Request URL:
http://agora2004.cs.calvin.edu:8080/agora/api/tokens
3.
Request Method:
POST
4.
Status Code:
403
5.
Remote Address:
153.106.195.16:8080
6.
Referrer Policy:
no-referrer-when-downgrade
1. Response Headersview source
1.
Connection:
keep-alive
2.
Content-Type:
application/json
3.
Date:
Fri, 19 Jun 2020 14:15:14 GMT
4.
Keep-Alive:
timeout=20
5.
Transfer-Encoding:
chunked
2. Request Headersview source
1.
Accept:
application/json, text/plain, */*
2.
Accept-Encoding:
gzip, deflate
3.
Accept-Language:
en-US,en;q=0.9
4.
Cache-Control:
no-cache
5.
Connection:
keep-alive
6.
Content-Length:
0
7.
Content-Type:
application/x-www-form-urlencoded
8.
Cookie:
JSESSIONID=0A776B90C0F6F15BED7FB7B82D917B40;
JSESSIONID=2267FCDCA11585C196863C27E9E7F6C6
9.
DNT:
1
10.
Host:
agora2004.cs.calvin.edu:8080
11.
Origin:
http://agora2004.cs.calvin.edu:8080
12.
Pragma:
no-cache
13.
Referer:
http://agora2004.cs.calvin.edu:8080/agora/
14.
User-Agent:
Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106
Mobile Safari/537.36
I wonder if the guac auth-noauth is actually being used or not? It
seems to be configured correctly, with correct file permissions, etc.
But, there are no log messages to indicate it is being loaded, etc. --
even on the old system there are no log messages about auth-noauth
being used -- but it is.
I wonder if there is just a directory that does not have the correct
permissions? Or is there a tomcat9 configuration option I'm missing?
Any ideas on what might be wrong or how to further debug this? Help!
Prof. Victor Norman
Computer Science
Calvin College University
[email protected] <mailto:[email protected]>
-----
"A designer knows he has achieved perfection not when there is nothing
left to add, but when there is nothing left to take away." -- Antoine
de Saint Exup�ry
