Thanks! It works perfect!
Igorlea: "Mike Jumper" <[email protected]> Hartzailea: "user" <[email protected]> Bidalita: 2016(e)ko Maiatzak 25, Asteazkena 21:05:41 Gaia: Re: External link to a connection On Tue, May 24, 2016 at 11:51 PM, Iker Ibarguren Berasaluze < [email protected] > wrote: Hi, We have an intranet where I want to print the direct url to a connection for a user. I mean, if in my intranet I´m reading user1 profile, I want to append a button witch can be clicked in order to control this machine directly. I tried accessing guacamole mysql data but there is no the necesary info to get the url. Is there any way to do this? The necessary information is indeed there - you just need to know how to generate the URL. The base64 bit after ".../guacamole/client/" in the URL of a connection is built from the following information: 1. The connection identifier (in MySQL / PostgreSQL, this will be the connection ID) 2. The type ("c" for connections and "g" for balancing groups) 3. The identifier of the auth provider storing the connection data (usually "postgresql", "mysql", or "ldap" - in your case the correct value would be "mysql") Each of these components separated from the other by a single NULL character (U+0000), with the resulting string encoded with base64. For example, "NQBjAHBvc3RncmVzcWw=", a valid base64 string taken from an actual Guacamole deployment, decodes to: $ echo 'NQBjAHBvc3RncmVzcWw=' | base64 -d | xxd 0000000: 3500 6300 706f 7374 6772 6573 716c 5.c.postgresql $ "5" being the connection identifier, "c" indicating that this is a connection and not a group, and "postgresql" representing the auth provider (PostgreSQL). Within the Guacamole web application, this string is generated within JavaScript by the "ClientIdentifier" class using "ClientIdentifier.toString()" function: https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/navigation/types/ClientIdentifier.js#L99-L119 The base64 identifier actually only has meaning to the JavaScript code - it is decoded and parsed out into its individual components prior to making the request to open the tunnel, at which point these values are included as normal HTTP parameters: https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L428-L435 https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L153-L216 The easiest way to obtain this string would be to simply copy it from the URL of the connection from within the Guacamole interface, but you can also use the above algorithm to generate it yourself. Note that this does not bypass authentication - the users will still need to authenticate with Guacamole to gain access to any connection, even if they know the URL ahead of time. If you would rather that users login to your existing application only, the proper way to achieve this is to integrate Guacamole into that application using an extension (such that Guacamole can validate the user's authenticated status and pull their data, without prompting them again for credentials). Avoid the temptation to disable Guacamole's authentication entirely; it may seem simpler, but it is an EXTREMELY bad idea. Hope this helps, - Mike
