I have guacamole set up behind an SSO proxy that provides the username in an
HTTP header. This all works fine and I can access Guacamole and see that I'm
logged in with the expected user id.
I'm having less success creating connections that are accessible to logged-in
users. For example, I've created an ssh connection via the REST API; here it
is in the database:
guacamole=# select connection_id, connection_name, protocol from
guacamole_connection;
connection_id | connection_name | protocol
---------------+-----------------+----------
1 | larstest | ssh
I've created a user in the database that matches my
header-authenticated username:
guacamole=# select entity_id, name, type, user_id from guacamole_entity
join guacamole_user using (entity_id);
entity_id | name | type | user_id
-----------+---------------------+------+---------
1 | guacadmin | USER | 1
2 | [email protected] | USER | 2
And I've assigned permissions for this user on the connection, against
using the REST API, which results in:
guacamole=# select connection_id, connection_name, entity_id, name,
permission from guacamole_connection join guacamole_connection_permission
using (connection_id) join guacamole_entity using (entity_id);
connection_id | connection_name | entity_id | name |
permission
---------------+-----------------+-----------+---------------------+------------
1 | larstest | 1 | guacadmin | READ
1 | larstest | 1 | guacadmin | UPDATE
1 | larstest | 1 | guacadmin | DELETE
1 | larstest | 1 | guacadmin |
ADMINISTER
1 | larstest | 2 | [email protected] | READ
But when I log in as `[email protected]`, I don't see this
connection. Am I missing a step, or is there another way of handling
this?
Thanks,
--
Lars Kellogg-Stedman <[email protected]> | larsks @ {irc,twitter,github}
http://blog.oddbit.com/ | N1LKS
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
