Thanks a lot Michael and Nick for your valuable help.

I found out that I was doing something wrong. The Tacacs authentication 
provider jar was made with Guacamole version 0.9.14 and I was doing my tests 
with Guacamole version 1.4.0. I got a new version of Guacamole (1.4.0) and 
added the Tacacs jar and everything works fine. I think for some reason 
the Guacamole version I had (1.4.0) had some errors.

-Gabriel

From: Gabriel Huerta Araujo
Sent: Wednesday, April 19, 2023 10:29 PM
To: user@guacamole.apache.org
Subject: RE: Change to the way of authenticating provided by Guacamole

This is the class which authenticates; there is just one method, just like you 
stipulate:

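import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.AbstractAuthenticationProvider;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class TacacsAuthenticationProvider extends AbstractAuthenticationProvider {

    private static final String MYSQLAuthenticationProviderString = "mysql";

    /**
     * Logger for this class.
     */
    private static final Logger logger = LoggerFactory.getLogger(TacacsAuthenticationProvider.class);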

    /**
     * Injector which will manage the object graph of this authentication
     * provider.
     */
    private final Injector injector;

    /**
     * Creates a new TacacsAuthenticationProvider that authenticates users
     * using Tacacs.
     *
     * @throws GuacamoleException
     *     If a required property is missing, or an error occurs while parsing
     *     a property.
     */
    public TacacsAuthenticationProvider() throws GuacamoleException {

        // Set up Guice injector.
        injector = Guice.createInjector(
            new TacacsAuthenticationProviderModule(this)
        );

    }

    @Override
    public String getIdentifier() {
        return "tacacs";
    }

    @Override
    public AuthenticatedUser authenticateUser(Credentials credentials)
            throws GuacamoleException {

        // Pass credentials to authentication service.
        AuthenticationProviderService authProviderService =
            injector.getInstance(AuthenticationProviderService.class);
        return authProviderService.authenticateUser(credentials);

    }

}

And below is the class showing how authentication is done in Tacacs:

import com.google.inject.Inject;
import com.google.inject.Provider;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// AuthenticatedUser, AuthenticationTacacs and Utils are this extension's own
// classes; import them here if they live in another package.
public class AuthenticationProviderService {
    /**
     * Logger for this class.
     */
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationProviderService.class);

    /**
     * Guacamole's administrator user.
     */
    private static final String GUACAMOLE_ADMINISTRATOR = "guacadmin";

    /**
     * Provider for AuthenticatedUser objects.
     */
    @Inject
    private Provider<AuthenticatedUser> authenticatedUserProvider;

    /**
     * Returns an AuthenticatedUser representing the user authenticated by the
     * given credentials.
     *
     * @param credentials
     *     The credentials to use for authentication.
     *
     * @return
     *     An AuthenticatedUser representing the user authenticated by the
     *     given credentials.
     *
     * @throws GuacamoleException
     *     If an error occurs while authenticating the user, or if access is
     *     denied.
     */
    public AuthenticatedUser authenticateUser(Credentials credentials)
            throws GuacamoleException {
        if (credentials.getUsername() != null && credentials.getPassword() != null
            && credentials.getUsername().indexOf(GUACAMOLE_ADMINISTRATOR) == -1) {
            validateTacacsAuthentication(credentials);
            // Log the username only; the password must never be written to the log.
            logger.debug("User: {}", credentials.getUsername());
            AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
            authenticatedUser.init(credentials.getUsername(), credentials);
            return authenticatedUser;
        }
        // Authentication not provided via Tacacs, yet, so we request it.
        throw new GuacamoleInvalidCredentialsException("Invalid login.", CredentialsInfo.USERNAME_PASSWORD);
    }

    private void validateTacacsAuthentication(Credentials credentials) throws GuacamoleException {
        if (credentials.getUsername() != null
                && credentials.getUsername().indexOf(GUACAMOLE_ADMINISTRATOR) == -1) {
            if (!AuthenticationTacacs.authenticate(credentials.getUsername(),
                    credentials.getPassword(),
                    credentials.getRemoteAddress())) {
                logger.warn("Tacacs authentication attempt from {} for user \"{}\" failed.",
                        credentials.getRemoteAddress(), credentials.getUsername());
                throw new GuacamoleInvalidCredentialsException(
                        "Tacacs authentication attempt from " + credentials.getRemoteAddress()
                        + " for user \"" + credentials.getUsername() + "\" failed.",
                        CredentialsInfo.USERNAME_PASSWORD);
            } else {
                if (logger.isInfoEnabled()) {
                    logger.info("User \"{}\" successfully authenticated with Tacacs from {}.",
                            credentials.getUsername(),
                            Utils.getLoggableAddress(credentials.getRequest()));
                }
            }
        }
    }
}

And the problem is that Active Sessions are not shown.

Any idea what is missing?

-Gabriel
