Hi Nick,
Many thanks for your help
Here the interesting part from the Nginx configuration file :
location /guacamole/ {
proxy_pass http://172.16.1.58:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Authorization "";
proxy_set_header X-Guacamole-User $remote_user;
proxy_cookie_path /guacamole/ "/guacamole/; HTTPOnly; Secure; SameSite";
access_log /var/log/nginx/guac_access.log;
error_log /var/log/nginx/guac_error.log;
}
proxy_pass http://172.16.1.58:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Authorization "";
proxy_set_header X-Guacamole-User $remote_user;
proxy_cookie_path /guacamole/ "/guacamole/; HTTPOnly; Secure; SameSite";
access_log /var/log/nginx/guac_access.log;
error_log /var/log/nginx/guac_error.log;
}
From guacamole.properties files :
http-auth-header: X-Guacamole-UserLet me know if you need more information ?
Thanks
Shaguu
Envoyé: mardi 1 août 2023 à 23:13
De: "Nick Couchman" <[email protected]>
À: [email protected]
Objet: Re: Guacamole Auth Header
De: "Nick Couchman" <[email protected]>
À: [email protected]
Objet: Re: Guacamole Auth Header
On Tue, Aug 1, 2023 at 3:48 PM <[email protected]> wrote:
>
> Hello,
>
> I'm using Guacamole v1.5.1 with LDAP/MySQL under RHEL 8.8 and NGINX. It works perfectly.
>
> Access to this Guacamole server is made after an MFA authentication (Fortigate Web SSL bookmark) and I would like to minimize as much as possible the number of times the user must enter his identifiers. It seems that the Auth-Header extension answers this need but I can't login without entering my password.
>
> Could you help me?
Sure, can you share details of your configuration - in particular, the
bits of the Nginx configuration file that you're using to pass the
authentication header through?
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
>
> Hello,
>
> I'm using Guacamole v1.5.1 with LDAP/MySQL under RHEL 8.8 and NGINX. It works perfectly.
>
> Access to this Guacamole server is made after an MFA authentication (Fortigate Web SSL bookmark) and I would like to minimize as much as possible the number of times the user must enter his identifiers. It seems that the Auth-Header extension answers this need but I can't login without entering my password.
>
> Could you help me?
Sure, can you share details of your configuration - in particular, the
bits of the Nginx configuration file that you're using to pass the
authentication header through?
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
