Thanks. Is there any official API documentation. For .e.g consider the following flow : a) I hit an API and get an access token b) Using this access token, I dynamically generate a URL which can be returned to the client. c) 1000s of users are able to simultaneously use such end points to access various different virtual machines.
On Tue, 10 Nov 2020 at 21:54, Nick Couchman <[email protected]> wrote: > On Tue, Nov 10, 2020 at 10:57 AM mark P <[email protected]> wrote: > >> >> Hi Everyone, >> >> I'd want to use Guacamole to remote connect machines in a small office >> that I use for my personal research. I have done the basic configuration >> in the Guacamole server and I am able to access the remote desktop. >> However, how can I access a remote machine through RDP without having to >> enter guacamole credentials every time. I am expecting to get a URL like >> <IP>/guacamole/<otherdetails>, which upon entering into the browser address >> bar would directly open the desktop of the remote machine. I need this >> because I don't want to share the guacamole credentials with my junior >> research assistants. >> >> > There are a couple of things to answer, here... > - You should not try to disable Guacamole authentication. There are other > ways to give a more seamless experience to users, but disabling > authentication altogether is a Bad Idea (tm). There are many security > implications to this - for example, while the servers that you want people > to connect to may require authentication, not requiring authentication for > Guacamole means that people could essentially use Guacamole to scan your > network and attempt connections to and exploit vulnerabilities on other > systems on your network that perhaps you do not want users connected to. > See: http://guacamole.apache.org/faq/#disable-auth. > - There is no default way to create a URL that has the details of the > connection within it. This has to be done with a separate extensions of > some sort, and is not part of Guacamole Client's default capabilities. You > might be interested in something like Mike's JSON extension that allows you > to securely generate JSON connection data and send it into the Guacamole > extension, which maintains the security of actually authenticating the > session within Guacamole, but helps with the seamless experience for the > users. See: https://github.com/glyptodon/guacamole-auth-json > - Other than that, using some sort of SSO module can help you with this - > there are SAML, OpenID, and CAS modules available, along with the Header > module. You can use these along with the JDBC module to provide the > connection configuration, and assign rights for those users. The URLs for > the connections include the information for the data source, connection > type (connection or group), and connection identifier encoded in the URL, > so those can be shared, bookmarked, etc., and used by many users. > > -Nick >
