Thanks for the prompt response guys.
I resolved the permission denied issue, the issue was json extension was not
properly installed. I reinstalled the extension and now I can generate the
token using curl command.
But when I use that token in the browser connection fails with below error in
the Tomcat:
05:57:15.777 [http-nio-8080-exec-1] INFO o.a.g.environment.LocalEnvironment -
GUACAMOLE_HOME is "/etc/guacamole".
05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket -
Connecting to guacd at localhost:4822.
05:57:15.939 [http-nio-8080-exec-2] ERROR
o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to
guacd failed: java.net.ConnectException: Connection refused (Connection refused)
05:57:15.949 [http-nio-8080-exec-2] DEBUG
o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleServerException: java.net.ConnectException:
Connection refused (Connection refused)
at
org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114)
~[guacamole-common-1.1.0.jar:na]
at
org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231)
~[na:na]
at
org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195)
~[na:na]
at
org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96)
~[classes/:na]
at
org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216)
~[classes/:na]
at
org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347)
~[classes/:na]
at
org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
~[classes/:na]
at
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
~[guacamole-common-1.1.0.jar:na]
at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
~[tomcat-websocket.jar:9.0.36]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914)
~[tomcat-coyote.jar:9.0.36]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
~[tomcat-coyote.jar:9.0.36]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
~[tomcat-coyote.jar:9.0.36]
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
~[na:na]
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
~[na:na]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util.jar:9.0.36]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
~[na:na]
at
java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
~[na:na]
at
java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
~[na:na]
at
java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
~[na:na]
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
~[na:na]
at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
at
org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100)
~[guacamole-common-1.1.0.jar:na]
... 15 common frames omitted
Please suggest.
Regards,
Prashant
From: Nick Couchman <[email protected]>
Sent: Monday, August 31, 2020 3:53 PM
To: [email protected]
Subject: Re: guacamole-auth-json is not working
On Mon, Aug 31, 2020 at 5:01 AM Prashant K
<[email protected]<mailto:[email protected]>> wrote:
Hello All,
I am new to Guacamole and recently installed it on Linux debian 4.19
Its GUI is working fine with the credentials in the Usermapping.xml and now I
am trying to use the guacamole-auth-json.
I have followed the steps mentioned at
https://github.com/glyptodon/guacamole-auth-json and checking the Reference
implementation first.
But when I am posting the data to the Rest API using curl it is failing with
below error:
root@debian:~# curl --data-urlencode
"data=Bbg91V2NX0yUFc/fq1pl8e+mwg10qSWSRT5AmJWERt+ctO+jNy0sE96knvgD6HwU5EoV0lIfgrCzXi3qMRWmw2QDxBKjGuB8qIiHFasvoAOMLTgrlzdeqicQu2LJoOCVZErDLp/mpc0VaiAL3zuT+fOVphEQ0igNqMCaMlNMzkUQW6UPLoXYG+ouo5jvdK/0asydMjJKt797+Sl+Ir1+wK9flKpQgRxLac/MXwR5X7jPKqrlH5eTCG6s0MVEDG+ejNis3Mwow4jjpE5u6a+7e1R7tct9MIgUmNtcq/4b+APz6h2Fb9zQLzOgrycmiGlV4N1vfmGMNQEAqpRPPaQX8hun0LBNHYLAa2kwpHg8LxCDsIuYAFpVJeScm1kdWol6byq1GJx9gjauazTuwaMYGg72EjImVdqjsG96+ceNDjOdJwkL4gu32Az1Dxap7Er6PECMzcCpP61ItEvBkRYkQg=="
http://10.9.31.33:8080/guacamole/api/tokens
{"message":"Permission Denied.","translatableMessage":{"key":"Permission
Denied.","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}root@debian:~
Please suggest where to look into to resolve this issue?
From the page:
> If the data is invalid in any way, if the signature does not match, if
> decryption or signature verification fails, or if the submitted data has
> expired, the REST service will return an invalid credentials error and fail
> without user-visible explanation. Details describing the error that occurred
> will be in the Tomcat logs, however.
Mike can probably help a little more with this than I can, but I'd suggest
looking at the Tomcat logs for your particular install and see what is being
logged, there.
-Nick
