On Wed, Apr 14, 2021 at 9:41 AM tomlawesome <[email protected]> wrote:
> Hi all, > > I am trying to using HTTP headers to login to guac directly after > authenticating via Authelia. Currently it does not support OpenID > unfortunately. > > I can find very little info in Authelia's docs, but have been tyring to > find > a way/figure out how to use the following: > > > https://www.authelia.com/docs/community/using-remote-user-header-for-sso-with-jira.html > > And use that HTTP header to log into Guacamole. > > Would anybody be able to assist me with: > > - How does this verify Guacamole credentials? Does the user/pass have to be > the same for both services? Not the password, but the username - if you install the header extension in Guacamole, as long as the username matches Guacamole will use that to associate the user with other modules (for example, JDBC). It's really important with the header module to make sure that the configuration is secure and that you don't allow unknown/untrusted pages to pass through the REMOTE_USER header to Guacamole. > > - What's the correct syntax to add the header info into > guacamole.properties > > Unless you want to use a header other than REMOTE_USER, you only need to install the extension - there's no configuration required. If you want to use a different header you can use the guacamole.properties to change that. It's all documented, here: http://guacamole.apache.org/doc/gug/header-auth.html -Nick
