On 1/22/25 11:51 PM, Bhupender wrote:
Dear Support Team,
I hope this email finds you well. I am encountering issues with smart
card integration in our Guacamole deployment and would appreciate your
assistance.
...
*Current Implementation:*
1. *Guacamole Properties:*
properties
Copy
|rdp.security: nla rdp.enable-smartcard: true rdp.smartcard-readers:
ACS ACR39U ICC Reader 00 00 rdp.enable-drive: true rdp.create-drive-
path: true rdp.ignore-cert: true|
...
You're in the right place to seek assistance, but please note that this
is a community of your fellow users and volunteer developers, not a
support team.
Guacamole does not have smart cart redirection support and none of the
properties you show for your guacamole.properties are valid properties.
While the FreeRDP library and native "xfreerdp" client do have support
for smart cards, leveraging that support through JavaScript and the
browser is whole different problem. Low-level smart card operations are
not currently exposed by browsers through any standard API, and such an
API would be a prerequisite for implementing this.
Authenticating to Guacamole itself using smart cards _is_ possible in
the sense of single sign-on. That's part of the upcoming 1.6.0 release:
https://issues.apache.org/jira/browse/GUACAMOLE-839
This much is possible because it's purely between the browser and
webapp, and thus can build on the browser's support for SSL/TLS client
authentication. You can't pass that on to RDP, though, except to perhaps
pass the username from the card with the "${GUAC_USERNAME}" token:
https://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens
- Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
