guac 1.5.0 failed to access vnc

2023-04-23 Thread Simon
Hi,

I have run guac in Docker, version 1.5.0 and in db model.

Re: Issue with Guacamole 1.5.0, OpenID and Totp

2023-04-23 Thread Michael Jumper
Both TOTP and OpenID have anti-replay defenses built in that prevent the
same auth data from being submitted twice. This works great when either is
used independently, but when combined they conflict with each other. The
same occurs when TOTP is combined with SAML, as well as some other
combinations that involve the same kind of resubmission flow:

https://issues.apache.org/jira/browse/GUACAMOLE-1762

https://issues.apache.org/jira/browse/GUACAMOLE-1691

There is work underway to allow TOTP and the various SSO extensions to not
conflict.

- Mike

On Sat, Apr 22, 2023, 9:28 AM Zubizarreta Pikabea, Aitzol <
aitzol.zubizarr...@tecnalia.com> wrote:

> Good afternoon,
>
> We have a Guacamole setup with the OpenID and TOTP extensions enabled. We
> are having issues with this setup as users authenticated via our OpenID
> Connect IdP (Duende 6) get the TOTP configuration prompt but after
> successful authentication Guacamole rejects them with the error message
> ‘Invalid session’.
>
> The terminal logs this message: “[http-nio-8080-exec-6] INFO
> o.a.g.a.o.t.TokenValidationService - Rejected OpenID token with invalid/old
> nonce.”
>
> The JWT token includes a nonce claim that is perfectly valid but for some
> reason our setup is not working. If we disable the TOTP extension it works
> perfectly. The user can log in and access the published servers with no issues.
>
> Can anybody help us with this issue?
>
> Kind regards,
>
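
A simplified model of the conflict described in the reply above, added here as an illustration and not taken from Guacamole's code: the SSO layer consumes its nonce on the first submission, so the resubmission that carries the TOTP code is indistinguishable from a replay. `AuthChain`, `run_flow`, the `pending` handle and the `remember_pending` variant are assumptions; the variant is one possible design, not the project's planned fix, and only the nonce side of the anti-replay logic is modelled.

```python
import hmac
import secrets

class AuthChain:
    """Toy model (not Guacamole code): SSO with single-use nonces, then TOTP."""

    def __init__(self, totp_code, remember_pending=False):
        self.unused_nonces = set()      # nonces issued but not yet seen in a token
        self.pending = {}               # handle -> subject already proven via SSO
        self.totp_code = totp_code      # constructed fixed code, stands in for real TOTP
        self.remember_pending = remember_pending

    def issue_nonce(self):
        nonce = secrets.token_hex(16)
        self.unused_nonces.add(nonce)
        return nonce

    def submit(self, request):
        """Handle one credential submission; returns (status, detail)."""
        handle = request.get("pending")
        if self.remember_pending and handle in self.pending:
            subject = self.pending[handle]          # SSO result kept server-side
        else:
            token = request["id_token"]
            if token["nonce"] not in self.unused_nonces:
                return ("REJECTED", "invalid/old nonce")
            self.unused_nonces.remove(token["nonce"])   # consumed: anti-replay
            subject = token["sub"]
        if "totp" not in request:
            handle = secrets.token_hex(16)
            if self.remember_pending:
                self.pending[handle] = subject
            return ("TOTP_PROMPT", handle)
        self.pending.pop(handle, None)              # one attempt per pending login
        if hmac.compare_digest(request["totp"], self.totp_code):
            return ("OK", subject)
        return ("DENIED", "bad TOTP code")

def run_flow(chain):
    # Constructed stand-in for an ID token whose signature was already verified.
    token = {"sub": "alice", "nonce": chain.issue_nonce()}
    status, handle = chain.submit({"id_token": token})
    # The client answers the prompt by resubmitting the same token plus the code.
    final = chain.submit({"id_token": token, "totp": "123456", "pending": handle})
    # A later replay of the captured token must still fail in both variants.
    replay = chain.submit({"id_token": token, "totp": "123456"})
    return status, final, replay
```

With the default settings the second submission is rejected exactly as in the quoted log line; with `remember_pending=True` the legitimate resubmission succeeds while a replayed token is still refused.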


Proxy guacd recording

2023-04-23 Thread Mike Brown
Hi all,

I’m playing with the Xorg experimental driver and omg it’s so snappy and
beautiful. I understand that the driver implements its own guacd, and so
the recommendation (requirement?) is to configure a connection with type
“xorg” and the target host and driver guacd port in the connection’s
proxy settings.

All of that works, and if I configure connection parameters to enable
recording, I see the target gets them and tries to start recording. Except
that highlights our issue - we don’t want the target to be doing the
recording, or to even have access to that storage. We’d prefer an
intermediary guacd that can do the recording. I’m hoping this is one of
them dumb questions and I’m overlooking something obvious, but is there a
way to achieve this?

I also wanted to say thank you for all of the effort and contributions that
make Guacamole a joy to use and engineer with. It’s been so much fun
figuring out how to make it work how we want.
-- 
Mike Brown