On Tue, Mar 14, 2023 at 7:36 PM Gabriel Huerta Araujo <[email protected]> wrote:
>
> I found class SharedAuthenticationProviderService, which has the below
> method (authenticateUser). It receives credentials of Credentials type. Below
> is its definition:
>
>     @Override
>     public AuthenticatedUser authenticateUser(AuthenticationProvider authenticationProvider,
>             Credentials credentials) throws GuacamoleException {
>
>         // Check whether user is authenticating with a valid sharing key
>         AuthenticatedUser user =
>                 sharingService.retrieveSharedConnectionUser(authenticationProvider, credentials);
>         if (user != null)
>             return user;
>
>         // Otherwise, unauthorized
>         throw new GuacamoleInvalidCredentialsException("Invalid login",
>                 CredentialsInfo.USERNAME_PASSWORD);
>
>     }
>
> Given the above code, I think I have to make a call to the Perl invocation
> before retrieving the authenticated user, and then compare with it. If their
> credentials are different, update the credentials with the Tacacs value using
> the updateUserContext function.
>
> How do you see my implementation proposal?

A couple of things:

* I would not look at the SharedAuthenticationProviderService as an example of this - it is fairly complex in creating temporary tokens and authenticating users temporarily. The simplest module out there is probably the guacamole-auth-header module, and it might be a better starting point for you to create a simple authentication extension that will call the Perl script.

* It would be better to avoid trying to change an existing authentication module; you should take the time to fully implement a new one. You can use the header extension as a starting point, but you should take the time to name the classes properly, set up any logging you feel is necessary, etc. Even if you copy the existing header extension and make changes, make sure you rename the classes, remove items that aren't required, etc. It'll help you out in the long run.

-Nick
