On Tue, Nov 10, 2020 at 10:57 AM mark P <[email protected]> wrote:
> > Hi Everyone, > > I'd want to use Guacamole to remote connect machines in a small office > that I use for my personal research. I have done the basic configuration > in the Guacamole server and I am able to access the remote desktop. > However, how can I access a remote machine through RDP without having to > enter guacamole credentials every time. I am expecting to get a URL like > <IP>/guacamole/<otherdetails>, which upon entering into the browser address > bar would directly open the desktop of the remote machine. I need this > because I don't want to share the guacamole credentials with my junior > research assistants. > > There are a couple of things to answer, here... - You should not try to disable Guacamole authentication. There are other ways to give a more seamless experience to users, but disabling authentication altogether is a Bad Idea (tm). There are many security implications to this - for example, while the servers that you want people to connect to may require authentication, not requiring authentication for Guacamole means that people could essentially use Guacamole to scan your network and attempt connections to and exploit vulnerabilities on other systems on your network that perhaps you do not want users connected to. See: http://guacamole.apache.org/faq/#disable-auth. - There is no default way to create a URL that has the details of the connection within it. This has to be done with a separate extensions of some sort, and is not part of Guacamole Client's default capabilities. You might be interested in something like Mike's JSON extension that allows you to securely generate JSON connection data and send it into the Guacamole extension, which maintains the security of actually authenticating the session within Guacamole, but helps with the seamless experience for the users. See: https://github.com/glyptodon/guacamole-auth-json - Other than that, using some sort of SSO module can help you with this - there are SAML, OpenID, and CAS modules available, along with the Header module. You can use these along with the JDBC module to provide the connection configuration, and assign rights for those users. The URLs for the connections include the information for the data source, connection type (connection or group), and connection identifier encoded in the URL, so those can be shared, bookmarked, etc., and used by many users. -Nick
