Hi Nick You hit it on the head - it needs JDBC to work. I figured that out between sending my email and your reply :-/
With the JDBC module in place, I can create an empty user profile, then connect via auth-header and get the mapping. And there is a full-blown connector editor in there too! That needs to be advertised more - that alone is reason enough to use JDBC :-) Thanks On Tue, Oct 10, 2017 at 4:03 PM, Nick Couchman <[email protected]> wrote: > Jason, > > On Mon, Oct 9, 2017 at 10:06 PM, Jason Haar <[email protected]> > wrote: > >> Hi there >> >> I've just started playing with guacamole and have successfully got as far >> as creating a standalone user-profile (ie username/password) >> in user-mapping.xml - some RDP and SSH sessions - all working fine. >> >> So then I got more adventurous and decided on testing auth-header - as we >> would run such a beast behind an Apache reverse-proxy - so time to test. >> Well I've got the Apache server sending "X-User: email@address", and now >> when I connect I see I am automagically logged in as "email@address" - >> great! But there's no "profile" (for want of a better term). >> >> So then I edited user-mapping.xml and created a fake account for >> "email@address" , and cut-n-pasted my working standalone user profile >> into it (ie the same RDP and SSH "<connection>"'s). Restarted tomcat and - >> nothing. >> >> Whatever I try, all I get is an empty profile - no actual terminal >> services. Also, if I access the account's "Settings", all I get is the >> turning "cog wheel" - but nothing actually comes up. If I did that on my >> standalone account, I get to change my default language/etc. >> > > For the spinning cog wheel of infinity, there's a commit in the git master > repo that I believe will fix this issue. I doubt it's related to the other > trouble you're having - the lack of connection mapping. From what I can > tell you're doing things right, so not sure why that isn't working. > > I would suggest setting up the JDBC authentication module with a MySQL or > PostgreSQL database. It takes a few minutes longer, and definitely works > to layer the JDBC module with the auth-header module (or CAS, LDAP, etc.). > I can't remember if Mike mentioned something recently about the basic user > mapping module not working as a layered module or not - I haven't tried > it. Either way, I highly recommend using the JDBC module - particularly if > you plan to scale your deployment at all, it'll be much easier to do that > with JDBC. > > -Nick > -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
