Re: user logs in but cannot see authorized connection

[Nick Couchman]

On Wed, Jun 1, 2022 at 6:51 PM Vieri  wrote:

> Any ideas on this matter?
> It's important to correctly honor groups sent via SAML.
>
> I see this:
>
> SAMLAuthenticatedUser.java:List samlGroups =
> identity.getAttributes().get(confService.getGroupAttribute());
>
> called in:
>
> SAMLAuthenticatedUser.java:private Set
> getGroups(AssertedIdentity identity)
>
> called by:
>
> SAMLAuthenticatedUser.java:super.init(identity.getUsername(),
> credentials, getGroups(identity), getTokens(identity));
>
> and in the tomcat log everything seems to be in order:
>
> o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers - ==> Parameters:
> 3(Integer), group1(String), group2(String), My_Group(String), group3(String)
>
>
Does the case of the groups created in JDBC match the case in this log
message? So, for example, is your JDBC group called "group1" or "Group1" or
"GROUP1"? It needs to match exactly.

-NIck

Re: Frequent disconnections occurring now

[Nick Couchman]

On Wed, Jun 1, 2022 at 8:18 PM Lockhart, Roland 
wrote:

> Hi
>
>
>
> These seem to be from the same user with 4 sessions this morning
>
>
>
> There seem to be various causes
>
>
>
> That user logs in via a highly available corporate network so it should be
> reliable
>
>
>
> I am curious about these two logged events
>
>
>
> "The disconnection was initiated by an administrative tool on the server
> running in the user's session.”
>
>
>
> Could the user be doing something?
>
>
>

This would seem to indicate either the user doing something (logging off)
or an administrative setting kicking in that is forcing the logoff (idle
session timeout, session time limit, etc.).

-Nick

>

RE: Frequent disconnections occurring now

[Lockhart, Roland]

Hi

These seem to be from the same user with 4 sessions this morning

There seem to be various causes

That user logs in via a highly available corporate network so it should be 
reliable

I am curious about these two logged events

"The disconnection was initiated by an administrative tool on the server 
running in the user's session.”

Could the user be doing something?

Thanks




{"log":"guacd[4579]: INFO:\u0009Security mode: 
TLS\n","stream":"stderr","time":"2022-06-01T22:13:57.633941741Z"}
{"log":"guacd[4579]: INFO:\u0009Resize method: 
none\n","stream":"stderr","time":"2022-06-01T22:13:57.633971191Z"}
{"log":"guacd[4579]: INFO:\u0009User \"@f4323947-d674-4c68-b96b-b531ffa9297a\" 
joined connection \"$91cffa3c-27c0-4249-b1d8-02f80fea833e\" (1 users now 
present)\n","stream":"stderr","time":"2022-06-01T22:13:57.6339754Z"}
{"log":"guacd[4579]: INFO:\u0009Loading keymap 
\"base\"\n","stream":"stderr","time":"2022-06-01T22:13:57.633979772Z"}
{"log":"guacd[4579]: INFO:\u0009Loading keymap 
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T22:13:57.633983343Z"}
{"log":"guacd[4579]: INFO:\u0009guacdr 
connected.\n","stream":"stderr","time":"2022-06-01T22:13:57.796612295Z"}
{"log":"guacd[4579]: INFO:\u0009guacsnd 
connected.\n","stream":"stderr","time":"2022-06-01T22:13:57.796644932Z"}
{"log":"guacd[4579]: INFO:\u0009Connected to RDPDR 1.13 as client 
0x0002\n","stream":"stderr","time":"2022-06-01T22:13:58.192025403Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0001, 
length=44\n","stream":"stderr","time":"2022-06-01T22:13:58.193162577Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0002, 
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193176746Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0003, 
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193180768Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0004, 
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193184335Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0005, 
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193187874Z"}
{"log":"guacd[4579]: INFO:\u0009Sending 
capabilities...\n","stream":"stderr","time":"2022-06-01T22:13:58.193191363Z"}
{"log":"guacd[4579]: INFO:\u0009Capabilities 
sent.\n","stream":"stderr","time":"2022-06-01T22:13:58.193194705Z"}
{"log":"guacd[4579]: INFO:\u0009Client ID 
confirmed\n","stream":"stderr","time":"2022-06-01T22:13:58.193198732Z"}
{"log":"guacd[4579]: INFO:\u0009User logged 
on\n","stream":"stderr","time":"2022-06-01T22:14:04.0027861Z"}
{"log":"guacd[4579]: INFO:\u0009All supported devices 
sent.\n","stream":"stderr","time":"2022-06-01T22:14:04.002820339Z"}
{"log":"guacd[4579]: INFO:\u0009RDP server closed connection: Manually logged 
off.\n","stream":"stderr","time":"2022-06-01T22:40:10.423593688Z"}
{"log":"guacd[4579]: INFO:\u0009User \"@f4323947-d674-4c68-b96b-b531ffa9297a\" 
disconnected (0 users 
remain)\n","stream":"stderr","time":"2022-06-01T22:40:10.435378454Z"}
{"log":"guacd[4579]: INFO:\u0009Last user of connection 
\"$91cffa3c-27c0-4249-b1d8-02f80fea833e\" 
disconnected\n","stream":"stderr","time":"2022-06-01T22:40:10.435410989Z"}
{"log":"connected to 
10.202.3.224:3389\n","stream":"stdout","time":"2022-06-01T22:40:10.436055299Z"}
{"log":"ERRINFO_UNKNOWN 0x000C: Unknown 
error.\n","stream":"stdout","time":"2022-06-01T22:40:10.436065196Z"}
{"log":"guacd[1]: INFO:\u0009Connection 
\"$91cffa3c-27c0-4249-b1d8-02f80fea833e\" 
removed.\n","stream":"stderr","time":"2022-06-01T22:40:10.440702894Z"}
{"log":"guacd[1]: INFO:\u0009Creating new client for protocol 
\"rdp\"\n","stream":"stderr","time":"2022-06-01T22:40:13.613303991Z"}
{"log":"guacd[1]: INFO:\u0009Connection ID is 
\"$64b09ff5-13bb-45fa-b5b4-f720efb400a6\"\n","stream":"stderr","time":"2022-06-01T22:40:13.613973335Z"}
{"log":"guacd[4589]: INFO:\u0009Security mode: 
TLS\n","stream":"stderr","time":"2022-06-01T22:40:13.661183687Z"}
{"log":"guacd[4589]: INFO:\u0009Resize method: 
none\n","stream":"stderr","time":"2022-06-01T22:40:13.661354918Z"}
{"log":"guacd[4589]: INFO:\u0009User \"@d4750f03-694f-44e5-a688-698adf714d1e\" 
joined connection \"$64b09ff5-13bb-45fa-b5b4-f720efb400a6\" (1 users now 
present)\n","stream":"stderr","time":"2022-06-01T22:40:13.661544289Z"}
{"log":"guacd[4589]: INFO:\u0009Loading keymap 
\"base\"\n","stream":"stderr","time":"2022-06-01T22:40:13.662016355Z"}
{"log":"guacd[4589]: INFO:\u0009Loading keymap 
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T22:40:13.662030183Z"}
{"log":"guacd[4589]: INFO:\u0009guacdr 
connected.\n","stream":"stderr","time":"2022-06-01T22:40:13.820068964Z"}
{"log":"guacd[4589]: INFO:\u0009guacsnd 
connected.\n","stream":"stderr","time":"2022-06-01T22:40:13.820100551Z"}
{"log":"guacd[4589]: INFO:\u0009Connected to RDPDR 1.13 as client 
0x0002\n","stream":"stderr","time":"2022-06-01T22:40:14.286537381Z"}

Re: user logs in but cannot see authorized connection

[Vieri]

Any ideas on this matter?
It's important to correctly honor groups sent via SAML.

I see this:

SAMLAuthenticatedUser.java:    List samlGroups = 
identity.getAttributes().get(confService.getGroupAttribute());

called in:

SAMLAuthenticatedUser.java:    private Set getGroups(AssertedIdentity 
identity)

called by:

SAMLAuthenticatedUser.java:    super.init(identity.getUsername(), 
credentials, getGroups(identity), getTokens(identity));

and in the tomcat log everything seems to be in order:

o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers - ==> Parameters: 3(Integer), 
group1(String), group2(String), My_Group(String), group3(String)

So what next?

Am I misunderstanding the way SAML works with Guacamole, or could it be a bug 
or missing feature?

Any answer will do...

Thanks,

Vieri Jerome

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Apache Guacamole html page edit

[Suat Toksöz]

Thanks Nick, 

Then how can I modify the apache guacamole client , so no one can access to 
active session link from outside.

> On 1 Jun 2022, at 20:34, Nick Couchman  wrote:
> 
> 
>> On Wed, Jun 1, 2022 at 12:54 PM Suat Toksöz  wrote:
> 
>> So, what is your suggestion for me to edit admin active session tab?
>> 
> 
> Creating a custom extension and using the HTML replace functionality is the 
> best way to make sure that your changes are future-proof - the base of 
> Guacamole Client can stay unmodified, which means upgrades won't require any 
> re-application of changes.
> 
> That said, you should be advised that simply hiding the HTML link for the 
> admin doesn't mean that that the functionality is disabled - someone with 
> knowledge of the Guacamole code and how the links are generated could 
> retrieve the link and access the session, anyway. Removing the HTML link is 
> just "security by obscurity."
> 
> -Nick

Re: Compile on Ubuntu 22.04 => openssl

[Nick Couchman]

On Wed, Jun 1, 2022 at 12:36 PM Alejandro Hernandez 
wrote:

> Understood... thanks!
>
> Another question, probably very basic for this forum but... I'm looking in
> the git the equivalent file to:
>
>
> https://apache.org/dyn/closer.lua/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz
>
>
> But can't find it... it is not built yet? what do I have to do? where do I
> look for it?
>
Well, no, not really -the files only get built during the release process.
That said, it is possible to get a zip file of the git master repo - if you
go to the github page, there is a green "code" button and you can click
that and there is a "Download ZIP" link that will download the git code.

-NIck

>

Re: Apache Guacamole html page edit

[Nick Couchman]

On Wed, Jun 1, 2022 at 12:54 PM Suat Toksöz  wrote:

> So, what is your suggestion for me to edit admin active session tab?
>
>
Creating a custom extension and using the HTML replace functionality is the
best way to make sure that your changes are future-proof - the base of
Guacamole Client can stay unmodified, which means upgrades won't require
any re-application of changes.

That said, you should be advised that simply hiding the HTML link for the
admin doesn't mean that that the functionality is disabled - someone with
knowledge of the Guacamole code and how the links are generated could
retrieve the link and access the session, anyway. Removing the HTML link is
just "security by obscurity."

-Nick

>

Re: Apache Guacamole html page edit

[Suat Toksöz]

So, what is your suggestion for me to edit admin active session tab?

> On 1 Jun 2022, at 19:25, Nick Couchman  wrote:
> 
> 
>> On Wed, Jun 1, 2022 at 12:06 PM Joachim Lindenberg 
>>  wrote:
> 
>> Two questions:
>> 
>> can this be done with an extension rather than a modification?
> Yes, and this would be a better way to do it. You should be able to use the 
>  tag along with "replace", as documented in the guacamole-ext page in 
> the manual, to replace the content that creates the link.
> 
>> didn´t this come up several times earlier and could be a configuration 
>> option that the webapp addresses out-of-the-box?
> I don't think disabling this completely has come up; however, there is a PR 
> in progress, along with a Jira issue, to notify users when someone joins and 
> leaves the connection, so at least there is a visual cue for users that there 
> is someone else on that connection.
> 
> -NIck

Re: Compile on Ubuntu 22.04 => openssl

[Alejandro Hernandez]

Understood... thanks!

Another question, probably very basic for this forum but... I'm looking 
in the git the equivalent file to:


https://apache.org/dyn/closer.lua/guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz

But can't find it... it is not built yet? what do I have to do? where do 
I look for it?


Thanks again

El 2022-06-01 10:23, Nick Couchman escribió:

On Wed, Jun 1, 2022 at 12:19 PM Alejandro Hernandez 
 wrote:



Hello everyone,

Thanks for the update Mike!

Something I don't have clear, probably because mi lack of experience 
with the git:


If I download the server from the "official" Guacamole site:

https://guacamole.apache.org/releases/1.4.0/

Thats the version that has the mentioned problems, so instead I should 
download from the git:


https://github.com/apache/guacamole-server

Why the download link isn't updated on the main site? The git still a 
work in progress / beta version that may have some other issues???


Correct, this is the in-progress/development version, not a release, so 
we do not link in on the site as a release.


-Nick

Re: Apache Guacamole html page edit

[Nick Couchman]

On Wed, Jun 1, 2022 at 12:06 PM Joachim Lindenberg 
wrote:

> Two questions:
>
>- can this be done with an extension rather than a modification?
>
> Yes, and this would be a better way to do it. You should be able to use
the  tag along with "replace", as documented in the guacamole-ext
page in the manual, to replace the content that creates the link.


>-
>- didn´t this come up several times earlier and could be a
>configuration option that the webapp addresses out-of-the-box?
>
> I don't think disabling this completely has come up; however, there is a
PR in progress, along with a Jira issue, to notify users when someone joins
and leaves the connection, so at least there is a visual cue for users that
there is someone else on that connection.

-NIck

Re: Compile on Ubuntu 22.04 => openssl

[Nick Couchman]

On Wed, Jun 1, 2022 at 12:19 PM Alejandro Hernandez 
wrote:

> Hello everyone,
>
>
> Thanks for the update Mike!
>
>
> Something I don't have clear, probably because mi lack of experience with
> the git:
>
>
> If I download the server from the "official" Guacamole site:
>
>
> https://guacamole.apache.org/releases/1.4.0/
>
>
> Thats the version that has the mentioned problems, so instead I should
> download from the git:
>
>
> https://github.com/apache/guacamole-server
>
>
> Why the download link isn't updated on the main site? The git still a work
> in progress / beta version that may have some other issues???
>
>
> Correct, this is the in-progress/development version, not a release, so we
do not link in on the site as a release.

-Nick

>

Re: Compile on Ubuntu 22.04 => openssl

[Alejandro Hernandez]

Hello everyone,

Thanks for the update Mike!

Something I don't have clear, probably because mi lack of experience 
with the git:


If I download the server from the "official" Guacamole site:

https://guacamole.apache.org/releases/1.4.0/

Thats the version that has the mentioned problems, so instead I should 
download from the git:


https://github.com/apache/guacamole-server

Why the download link isn't updated on the main site? The git still a 
work in progress / beta version that may have some other issues???


THANKS

El 2022-04-26 20:24, Michael Jumper escribió:


On Tue, Apr 26, 2022, 10:22 Gerd Hoerst  wrote:


Hi !

i tried to compile the 1.4.0 package for Ubuntu 22.04 but i get some 
of

this errors...

make[3]: Verzeichnis
„/root/develop/guacamole-server-1.4.0/src/common-ssh" wird betreten
CC   libguac_common_ssh_la-key.lo
key.c: In function 'guac_common_ssh_key_alloc':
key.c:63:9: error: 'PEM_read_bio_RSAPrivateKey' is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
63 | rsa_key = PEM_read_bio_RSAPrivateKey(key_bio, NULL,
NULL, passphrase);
| ^~~
In file included from key.c:33:


I believe this has already been addressed on the latest git via the 
support for OpenSSH-format keys. We no longer invoke the function in 
question, and instead use the key reading functions provided by 
libssh2.


- Mike

AW: Apache Guacamole html page edit

[Joachim Lindenberg]

Two questions:

*   can this be done with an extension rather than a modification?
*   didn´t this come up several times earlier and could be a configuration 
option that the webapp addresses out-of-the-box?

Thanks, Joachim

 

Von: Suat Toksöz <> 
Gesendet: Wednesday, 1 June 2022 17:56
An: user@guacamole.apache.org
Betreff: Re: Apache Guacamole html page edit

 

Thanks Nick,

 

So İ need to get the apache guacamole client source code , then change the html 
tag ten compile and generate the war file for tomcat right?

 

The change that we newd is this, admin user should not able to intersep the 
active connections. So the link for each active session should be #. 





On 1 Jun 2022, at 18:05, Nick Couchman mailto:vn...@apache.org> > wrote:



On Wed, Jun 1, 2022 at 10:47 AM Suat Toksöz mailto:stok...@gmail.com> > wrote:

Also, I am not able to find the file location on apache guacamole source code.

https://dlcdn.apache.org/guacamole/1.4.0/source/



 

 

That's the guacamole-server (guacd) source code - the code for the web 
interface is in the guacamole-client source code. For the connection history 
and active sessions, the code is specifically, here:

 

https://github.com/apache/guacamole-client/tree/master/guacamole/src/main/frontend/src/app/settings/templates

 

Please note those are the HTML templates that are used by AngularJS to fill in 
the data. So, whatever modifications you want to do will likely need to be a 
combination of edits to those HTML templates as well as the AngularJS files 
that actually populate data.

 

-NIck

Re: Apache Guacamole html page edit

[Suat Toksöz]

Thanks Nick,

So İ need to get the apache guacamole client source code , then change the html 
tag ten compile and generate the war file for tomcat right?

The change that we newd is this, admin user should not able to intersep the 
active connections. So the link for each active session should be #. 

> On 1 Jun 2022, at 18:05, Nick Couchman  wrote:
> 
> 
>> On Wed, Jun 1, 2022 at 10:47 AM Suat Toksöz  wrote:
> 
>> Also, I am not able to find the file location on apache guacamole source 
>> code.
>> 
>> https://dlcdn.apache.org/guacamole/1.4.0/source/
>> 
>> 
> 
> That's the guacamole-server (guacd) source code - the code for the web 
> interface is in the guacamole-client source code. For the connection history 
> and active sessions, the code is specifically, here:
> 
> https://github.com/apache/guacamole-client/tree/master/guacamole/src/main/frontend/src/app/settings/templates
> 
> Please note those are the HTML templates that are used by AngularJS to fill 
> in the data. So, whatever modifications you want to do will likely need to be 
> a combination of edits to those HTML templates as well as the AngularJS files 
> that actually populate data.
> 
> -NIck

Re: Apache Guacamole html page edit

[Tushar Jain]

That’s the server code you are looking at. Instead, you have to download the 
client code. Following is the location:

https://github.com/apache/guacamole-client
[https://opengraph.githubassets.com/7090848d7aceb6ab363d51e09d02c07d6fe6b51e0fd4b0fe2d3f9ac66a4b0c2f/apache/guacamole-client]
apache/guacamole-client: Mirror of Apache Guacamole Client - 
GitHub
Mirror of Apache Guacamole Client. Contribute to apache/guacamole-client 
development by creating an account on GitHub.
github.com


From: Suat Toksöz 
Sent: Wednesday, June 1, 2022 8:17 PM
To: user@guacamole.apache.org 
Subject: Re: Apache Guacamole html page edit

Also, I am not able to find the file location on apache guacamole source code.

https://dlcdn.apache.org/guacamole/1.4.0/source/
[image.png]

On Wed, Jun 1, 2022 at 9:11 AM Suat Toksöz 
mailto:stok...@gmail.com>> wrote:
Thanks Nick for the quick response.

I want to edit WAR file (https://guacamole.apache.org/releases/1.4.0/) and re 
build the WAR file then deploy to the tomcat server. But, I can not able to 
find html section to edit. We want to edit the "Active Session" section of the 
admin page, where I can find the html files for this on the WAR file.

[image.png]
Thanks


On Tue, May 31, 2022 at 5:58 PM Nick Couchman 
mailto:vn...@apache.org>> wrote:
On Tue, May 31, 2022 at 10:13 AM Suat Toksöz 
mailto:stok...@gmail.com>> wrote:
Hi,

I would like to edit apache guacamole admin web site, where I can find the html 
tags?


If you want to edit the admin site, you should edit the source code and 
re-builld it, and not edit the pages directly. As the site is hosted by Tomcat, 
the static pages are deployed from the WAR file, which can be re-deployed at 
any time and will overwrite any changes you make.

To edit the source code, you can either edit the source directly and rebuild 
the war, or you can build an extension module that modifies the HTML code 
dynamically. The second option is the recommended route.

To edit the source code directly, you need to download the source code and then 
find the location that you want to edit in the 
guacamole/src/main/frontend/src/app directory.

If you want to build an extension that modifies the HTML, see the following 
manual page, and the following branding example:
https://guacamole.apache.org/doc/gug/guacamole-ext.html#updating-existing-html
https://github.com/apache/guacamole-client/tree/master/doc/guacamole-branding-example

Feel free to post back here with any further questions or concerns.

-Nick


--

Best regards,

Suat Toksöz


--

Best regards,

Suat Toksöz

Re: Apache Guacamole html page edit

[Nick Couchman]

On Wed, Jun 1, 2022 at 10:47 AM Suat Toksöz  wrote:

> Also, I am not able to find the file location on apache guacamole source
> code.
>
> https://dlcdn.apache.org/guacamole/1.4.0/source/
> [image: image.png]
>
>
That's the guacamole-server (guacd) source code - the code for the web
interface is in the guacamole-client source code. For the connection
history and active sessions, the code is specifically, here:

https://github.com/apache/guacamole-client/tree/master/guacamole/src/main/frontend/src/app/settings/templates

Please note those are the HTML templates that are used by AngularJS to fill
in the data. So, whatever modifications you want to do will likely need to
be a combination of edits to those HTML templates as well as the AngularJS
files that actually populate data.

-NIck

>

Re: Apache Guacamole html page edit

[Suat Toksöz]

Also, I am not able to find the file location on apache guacamole source
code.

https://dlcdn.apache.org/guacamole/1.4.0/source/
[image: image.png]

On Wed, Jun 1, 2022 at 9:11 AM Suat Toksöz  wrote:

> Thanks Nick for the quick response.
>
> I want to edit WAR file (https://guacamole.apache.org/releases/1.4.0/)
> and re build the WAR file then deploy to the tomcat server. But, I can not
> able to find html section to edit. We want to edit the "Active Session"
> section of the admin page, where I can find the html files for this on the
> WAR file.
>
> [image: image.png]
> Thanks
>
>
> On Tue, May 31, 2022 at 5:58 PM Nick Couchman  wrote:
>
>> On Tue, May 31, 2022 at 10:13 AM Suat Toksöz  wrote:
>>
>>> Hi,
>>>
>>> I would like to edit apache guacamole admin web site, where I can find
>>> the html tags?
>>>
>>>
>> If you want to edit the admin site, you should edit the source code and
>> re-builld it, and not edit the pages directly. As the site is hosted by
>> Tomcat, the static pages are deployed from the WAR file, which can be
>> re-deployed at any time and will overwrite any changes you make.
>>
>> To edit the source code, you can either edit the source directly and
>> rebuild the war, or you can build an extension module that modifies the
>> HTML code dynamically. The second option is the recommended route.
>>
>> To edit the source code directly, you need to download the source code
>> and then find the location that you want to edit in the
>> guacamole/src/main/frontend/src/app directory.
>>
>> If you want to build an extension that modifies the HTML, see the
>> following manual page, and the following branding example:
>>
>> https://guacamole.apache.org/doc/gug/guacamole-ext.html#updating-existing-html
>>
>> https://github.com/apache/guacamole-client/tree/master/doc/guacamole-branding-example
>>
>> Feel free to post back here with any further questions or concerns.
>>
>> -Nick
>>
>>>
>
> --
>
> Best regards,
>
> *Suat Toksöz*
>


-- 

Best regards,

*Suat Toksöz*

user logs in but cannot see authorized connection

[Vieri]

Hi,

A specific user logs in fine but is not shown the authorized connection list.
This user is a member of group My_Group.

I can see that the DB is OK:

"SELECT entity_id FROM guacamole_entity WHERE name = 'My_Group' AND type = 
'USER_GROUP';"
 entity_id
---
   151
(1 row)

"SELECT * FROM  guacamole_user_group WHERE entity_id = 151;"

 user_group_id | entity_id | disabled
---+---+--
 1 |   151 | f
(1 row)

"SELECT * FROM  guacamole_user_group WHERE entity_id = 151;"

 user_group_id | entity_id | disabled
---+---+--
 1 |   151 | f
(1 row)

"SELECT * FROM  guacamole_connection WHERE connection_name = 'Intranet kiosk 
(RDP)';"

 connection_id |   connection_name   | parent_id | protocol | max_connections | 
max_connections_per_user | connection_weight | failover_only | proxy_port | 
proxy_hostname | proxy_encryption_method
---+-+---+--+-+--+---+---+++-
   139 | Intranet kiosk (RDP)|   | rdp  | | 
 |   | f |    | 
   |
(1 row)

"SELECT * FROM  guacamole_connection_parameter WHERE connection_id = 139;"

 connection_id | parameter_name |   parameter_value
---++--
   139 | hostname   | ...
   139 | load-balance-info  | ...
   139 | security   | nla
   139 | remote-app | ||IntranetFFkiosk
(17 rows) [trimmed]

"SELECT * FROM  guacamole_connection_permission WHERE connection_id = 139;"

 entity_id | connection_id | permission
---+---+
   151 |   139 | READ
(1 row)

All the above should mean that the group 'My_Group' *should* see and access the 
connection "Intranet kiosk (RDP)", right?

Now, if the user who logs in doesn't it means that Guacamole does not consider 
it a member of 'My_Group', right?

I am using Postgresql as a backend, and I'm not specifying within the DB tht 
this user is a member of 'My_Group'. That's because I want to delegate 
user/group management to SAML.
I have this in my giavamole.properties:

saml-group-attribute: urn:oid:1.2.840.113556.1.2.102

I also have

saml-debug: true

When the user logs in I can see this in catalina:

c.onelogin.saml2.authn.SamlResponse - SAMLResponse has attributes: 
{urn:oid:1.2.840.113556.1.2.102=[Some_group, My_Group, Another_Group], 
urn:oid:2.5.4.3=[MyUser], IDP=[INTERNAL]}

The group is there, so what's wrong?

Vieri Jerome



-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Guacamole re-connection attempts never stop... they should?

[Jürgen Kuri]

Suggestion:

1) keep endless reconnect as default

2) have two connection specific and / or global parameter:
   a. number of retries
   b. retry interval

3) if we have these parameters as global and on connection level, global is 
overwritten for specific connection if defined

El 31.05.22 a las 22:44, Lee Doughty escribió:

Hello Guacamole Community,

I tried asking this a few weeks ago, but it looks like there was not a lot of 
traction on this idea.. but I wanted to try one more time before I gave up on 
it.

I think it would be a great feature to stop auto-reconnect attempts that are simply not 
connecting after several dozen attempts. I've seen in our logs that some users hit the 
"Reconnect" button or otherwise get into a reconnect loop, then leave the tab 
open for hours *or days*. This results in our guacamole server getting a ping every 
minute or so from a user trying to connect to a VM that is not available, and they just 
leave it retrying over and over again.

It would be nice to at least require user interaction to resume the connection 
attempts... So users have to return to the tab every N attempts to restart the 
countdown, instead of the current never-ending loop... I'm not suggesting any 
value for N... because any reasonable value would be nice over infinite. My 
record was somewhere in the ballpark of 7,000 attempts (5 days) before the user 
was kind enough to close the tab and stop poking our Guacamole server.

Is this something that can make it into an upcoming Guacamole release?

-Lee


--
Jürgen

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Frequent disconnections occurring now

[Michael Jumper]

On Tue, May 31, 2022, 23:37 Lockhart, Roland 
wrote:

> These are the guacd logs for a session which I was disconnected from today
> while working
>
> ...
>
> {"log":"guacd[4459]: ERROR:\u0009User is not
> responding.\n","stream":"stderr","time":"2022-06-01T05:27:37.281117085Z"}
>
If you were indeed still connected (you didn't close the browser tab), this
indicates that there was a network disruption. Something interrupted
communication and resulted in Guacamole considering your connection closed
and cleaning up your connection.

> Other users are reporting disconnected sessions of 46 seconds and such like
>
You will need to locate the logs for those disconnects to determine the
cause. The fact that other connections closed is not enough to determine
why they closed.

- Mike

RE: Frequent disconnections occurring now

[Lockhart, Roland]

These are the guacd logs for a session which I was disconnected from today 
while working



{"log":"guacd[1]: INFO:\u0009Creating new client for protocol 
\"rdp\"\n","stream":"stderr","time":"2022-06-01T04:50:32.261007419Z"}
{"log":"guacd[1]: INFO:\u0009Connection ID is 
\"$bccb5f53-437d-472a-a73f-2fafdee99c19\"\n","stream":"stderr","time":"2022-06-01T04:50:32.261805112Z"}
{"log":"guacd[4459]: INFO:\u0009Security mode: 
TLS\n","stream":"stderr","time":"2022-06-01T04:50:32.309144347Z"}
{"log":"guacd[4459]: INFO:\u0009Resize method: 
none\n","stream":"stderr","time":"2022-06-01T04:50:32.309177184Z"}
{"log":"guacd[4459]: INFO:\u0009User \"@10976fbc-9d18-43b8-bde1-3b8c191dabe8\" 
joined connection \"$bccb5f53-437d-472a-a73f-2fafdee99c19\" (1 users now 
present)\n","stream":"stderr","time":"2022-06-01T04:50:32.309183017Z"}
{"log":"guacd[4459]: INFO:\u0009Loading keymap 
\"base\"\n","stream":"stderr","time":"2022-06-01T04:50:32.310055251Z"}
{"log":"guacd[4459]: INFO:\u0009Loading keymap 
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T04:50:32.310066682Z"}
{"log":"guacd[4459]: INFO:\u0009guacdr 
connected.\n","stream":"stderr","time":"2022-06-01T04:50:32.583240814Z"}
{"log":"guacd[4459]: INFO:\u0009guacsnd 
connected.\n","stream":"stderr","time":"2022-06-01T04:50:32.583273008Z"}
{"log":"guacd[4459]: INFO:\u0009Connected to RDPDR 1.13 as client 
0x0002\n","stream":"stderr","time":"2022-06-01T04:50:33.527621421Z"}
{"log":"guacd[4459]: INFO:\u0009Ignoring server capability set type=0x0001, 
length=44\n","stream":"stderr","time":"2022-06-01T04:50:33.52848374Z"}
{"log":"guacd[4459]: INFO:\u0009Ignoring server capability set type=0x0002, 
length=8\n","stream":"stderr","time":"2022-06-01T04:50:33.528494569Z"}
{"log":"guacd[4459]: INFO:\u0009Ignoring server capability set type=0x0003, 
length=8\n","stream":"stderr","time":"2022-06-01T04:50:33.52849869Z"}
{"log":"guacd[4459]: INFO:\u0009Ignoring server capability set type=0x0004, 
length=8\n","stream":"stderr","time":"2022-06-01T04:50:33.528502498Z"}
{"log":"guacd[4459]: INFO:\u0009Ignoring server capability set type=0x0005, 
length=8\n","stream":"stderr","time":"2022-06-01T04:50:33.52850601Z"}
{"log":"guacd[4459]: INFO:\u0009Sending 
capabilities...\n","stream":"stderr","time":"2022-06-01T04:50:33.528509637Z"}
{"log":"guacd[4459]: INFO:\u0009Capabilities 
sent.\n","stream":"stderr","time":"2022-06-01T04:50:33.52851296Z"}
{"log":"guacd[4459]: INFO:\u0009Client ID 
confirmed\n","stream":"stderr","time":"2022-06-01T04:50:33.528648925Z"}
{"log":"guacd[4459]: INFO:\u0009User logged 
on\n","stream":"stderr","time":"2022-06-01T04:50:56.780295933Z"}
{"log":"guacd[4459]: INFO:\u0009All supported devices 
sent.\n","stream":"stderr","time":"2022-06-01T04:50:56.780352551Z"}





{"log":"guacd[4459]: ERROR:\u0009User is not 
responding.\n","stream":"stderr","time":"2022-06-01T05:27:37.281117085Z"}
{"log":"guacd[4459]: INFO:\u0009User \"@10976fbc-9d18-43b8-bde1-3b8c191dabe8\" 
disconnected (0 users 
remain)\n","stream":"stderr","time":"2022-06-01T05:27:37.281152594Z"}
{"log":"guacd[4459]: INFO:\u0009Last user of connection 
\"$bccb5f53-437d-472a-a73f-2fafdee99c19\" 
disconnected\n","stream":"stderr","time":"2022-06-01T05:27:37.281157493Z"}
{"log":"guacd[4459]: INFO:\u0009Internal RDP client 
disconnected\n","stream":"stderr","time":"2022-06-01T05:27:37.764634834Z"}
{"log":"connected to 
172.31.1.167:3389\n","stream":"stdout","time":"2022-06-01T05:27:37.765348177Z"}
{"log":"guacd[1]: INFO:\u0009Connection 
\"$bccb5f53-437d-472a-a73f-2fafdee99c19\" 
removed.\n","stream":"stderr","time":"2022-06-01T05:27:37.769431717Z"}

Other users are reporting disconnected sessions of 46 seconds and such like

Thanks Michael

From: Michael Jumper 
Sent: Wednesday, June 1, 2022 11:45 AM
To: user@guacamole.apache.org
Subject: Re: Frequent disconnections occurring now

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

On Tue, May 31, 2022, 18:35 Lockhart, Roland 
mailto:r.lockh...@aamgroup.com>> wrote:
And these

{"log":"01:21:32.408 [Thread-1461] ERROR 
o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Connection to guacd terminated 
abnormally: Connection to guacd timed 
out.\n","stream":"stdout","time":"2022-06-01T01:21:32.408781702Z"}
These messages indicate that Guacamole is unable to connect to guacd. The most 
likely cause is guacd is not running.

If you are still seeing issues after starting guacd, you really need to check 
the guacd logs. The logs you are looking at now are the Guacamole (webapp) 
logs. The webapp will not be aware of the specifics of any issues guacd may be 
having in connecting to your remote desktops.

- Mike

 Attention 
Email Disclaimer Notice - This message is the property of AAM Pty Ltd. The 
information in this email is confidential and may be legally privileged. It is 
intended 

Re: Apache Guacamole html page edit

[Suat Toksöz]

Thanks Nick for the quick response.

I want to edit WAR file (https://guacamole.apache.org/releases/1.4.0/) and
re build the WAR file then deploy to the tomcat server. But, I can not able
to find html section to edit. We want to edit the "Active Session" section
of the admin page, where I can find the html files for this on the WAR file.

[image: image.png]
Thanks


On Tue, May 31, 2022 at 5:58 PM Nick Couchman  wrote:

> On Tue, May 31, 2022 at 10:13 AM Suat Toksöz  wrote:
>
>> Hi,
>>
>> I would like to edit apache guacamole admin web site, where I can find
>> the html tags?
>>
>>
> If you want to edit the admin site, you should edit the source code and
> re-builld it, and not edit the pages directly. As the site is hosted by
> Tomcat, the static pages are deployed from the WAR file, which can be
> re-deployed at any time and will overwrite any changes you make.
>
> To edit the source code, you can either edit the source directly and
> rebuild the war, or you can build an extension module that modifies the
> HTML code dynamically. The second option is the recommended route.
>
> To edit the source code directly, you need to download the source code and
> then find the location that you want to edit in the
> guacamole/src/main/frontend/src/app directory.
>
> If you want to build an extension that modifies the HTML, see the
> following manual page, and the following branding example:
>
> https://guacamole.apache.org/doc/gug/guacamole-ext.html#updating-existing-html
>
> https://github.com/apache/guacamole-client/tree/master/doc/guacamole-branding-example
>
> Feel free to post back here with any further questions or concerns.
>
> -Nick
>
>>

-- 

Best regards,

*Suat Toksöz*