Re: Docker Guacamole Latest
> > > > guacamole/guacamole is something anyone in the Guacamole PPMC controls, > including myself. You should have access, too, as all committers are > implicitly PPMC within Guacamole. If not, that's an oversight we should > correct. > > See: https://lists.apache.org/thread.html/b345e6c72629e3bf79c3e1243c6290 > 073c3cf6f3901aa100a649f2a2@%3Cgeneral.incubator.apache.org%3E > Good to know. > > > I assume glyptodon/guacamole is yours? >> >> > Not really. "glyptodon/guacamole" is Glyptodon's, and while I'm certainly > affiliated with Glyptodon, I'm not equal to it. For the health of the > project, I refuse to wear my Glyptodon hat when doing anything within the > Guacamole community. Here, I am strictly a committer on the Guacamole > project and a member of its PPMC. > Makes sense. > > If the question here is whether third-party distribution of Guacamole is > harmful, my personal view is that it isn't, and that part of the philosophy > of the Apache Way is to embrace such distribution. It is expected (and > beneficial) that third parties will package and distribute Guacamole, > including via Docker images. Quickly checking Docker Hub, I find at least > 15 pages of search results for Docker images containing Guacamole: > > https://hub.docker.com/search/?isAutomated=0&isOfficial=0&; > page=1&pullCount=0&q=guacamole&starCount=0 > > To me, that's a good sign. > I totally agree. > > If there is a trademark/branding/licensing issue, however, that would be a > different matter and should definitely be corrected ASAP. > I think your answers above clear up some of the confusion - I was just trying to clarify things to understand if the original suggestion - to make sure only guacamole/guacamole had the newer versions (vs. glyptodon/guacamole) - made sense. For the purposes of this discussion glyptodon/guacamole is a "third party" to the Guacamole Project, so I definitely see and agree with your point - the Project should not worry about trying to control/sanitize/dictate/etc. what is posted there. -Nick
Re: Handling a SAML POST response
> > >> So, I think the approach you need to take is that, within the SAML >> extension itself, you need to create a REST endpoint that consumes handles >> a POST call to it, processes the data from the POST, and then translates >> that to the correct call to /guacamole/api/tokens to tell Guacamole that >> the login has succeeded. You can have a look at the other REST source code >> to see code that creates these types of services: >> >> https://github.com/apache/incubator-guacamole-client/tree/ >> master/guacamole/src/main/java/org/apache/guacamole/rest >> >> I've not actually implemented an extension-specific REST endpoint myself, >> so I can't provide very detailed instructions, but it is possible - Mike >> can probably provide further guidance, if needed. >> > > Here's a quick-and-dirty example of an extension-specific REST endpoint. I just did a quick modification to the JDBC base module. - First, I created a new class inside the extension code. I created a new directory called "rest" and a file called TestRESTModule.java: ---TestRESTModule.java--- package org.apache.guacamole.auth.jdbc.rest; import com.google.inject.Inject; import java.util.List; import javax.ws.rs.Consumes; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleResourceNotFoundException; @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) public class TestRESTModule { private final String hello = "Hello, world."; @GET @Path("hello") public String getHello() { return hello; } } ---End TestRESTModule.java--- - Next, in the Authentication Provider part of the module (for JDBC it's in the InjectedAuthenticationProvider.java file), locate the getResource() method and have it return this class (don't forget to import it): @Override public Object getResource() throws GuacamoleException { return new TestRESTModule(); } - Finally, log in to Guacamole, then pull up a tab with the URL (I'm using the PostgreSQL JDBC module): http://guacamole.example.com/guacamole/api/ext/postgresql/hello?token= And you should see "Hello, world." Obviously this isn't very useful, but should give you an idea of one way to go about this. Whatever class you return in getResource() can have the necessary methods to process the SAML POST, read in the body of the POST, and then accomplish whatever needs to be done to cause the login to succeed and reload the page. Hope this is of some use, or you've already figured it out! :-) -Nick
Re: Handling a SAML POST response
Nick; Thanks for all your help. Let me elaborate. When I say I have a REST service, it's just as you described -- a WS annotated class that is returned from the authentication provider's getResource method. I can call this REST service just fine, and know that it works. This service takes in as POST (from the SAML identity provider), calls the existing /api/tokens endpoint, passing all of the same content, and receives a Guacamole authentication token -- ie, the user is know authenticated by Guacamole (specifically by my authentication provider), and is stored in the session. This also works. I receive the token just fine. The problem is I need to pass this token, somehow, to the Guacamole UI so that when it calls /api/tokens itself, it can pass in the same token. The essentials of the REST method: @POST @Path("/postredirect") public Response redirectSamlPostToGet(@Context HttpServletRequest request, String content) throws GuacamoleException, URISyntaxException { try { String token = callTokenService(request, content); return Response.seeOther(new URI("http:///guacamole/#/token=" + token)).build(); } catch (Exception e) { logger.error("Error occurred in postredirect", e); throw new RuntimeException(e); } } There is no errors in the logs. In network traffic I see the redirect happen correctly. However, Guacamole is ignoring the token= portion of the URL. I've tried using id_token instead, but that is also ignored. -- Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Error message when disconnecting a Windows Server 2012
Hello everyone, I have a problem when disconnecting a Windows Server 2012. Indeed, this message appear : < The remote desktop server is currently unavailable. If the problem persists, please notify your system administrator, or check your system logs. > Error log message : < guacamole01 guacd[1453]: Error handling RDP file descriptors > Isn't present on Windows 2008 (log : < guacamole01 guacd[1436]: RDP server closed connection: Disconnected. >). What might be the reason for the problem? Sincerely, Kevin
Re: Handling a SAML POST response
On Thu, Sep 28, 2017 at 12:20 PM, Colin McGuigan < colin_guacam...@walkingshadows.org> wrote: > Nick; > > Thanks for all your help. Let me elaborate. > > When I say I have a REST service, it's just as you described -- a WS > annotated class that is returned from the authentication provider's > getResource method. I can call this REST service just fine, and know that > it works. > > Very nice. > This service takes in as POST (from the SAML identity provider), calls the > existing /api/tokens endpoint, passing all of the same content, and > receives > a Guacamole authentication token -- ie, the user is know authenticated by > Guacamole (specifically by my authentication provider), and is stored in > the > session. This also works. I receive the token just fine. > > The problem is I need to pass this token, somehow, to the Guacamole UI so > that when it calls /api/tokens itself, it can pass in the same token. The > essentials of the REST method: > > @POST > @Path("/postredirect") > public Response redirectSamlPostToGet(@Context HttpServletRequest > request, String content) throws GuacamoleException, URISyntaxException { > try { > String token = callTokenService(request, content); > return Response.seeOther(new URI("http:// > /guacamole/#/token=" + > token)).build(); > } catch (Exception e) { > logger.error("Error occurred in postredirect", e); > throw new RuntimeException(e); > } > } > > There is no errors in the logs. In network traffic I see the redirect > happen correctly. However, Guacamole is ignoring the token= portion > of the URL. I've tried using id_token instead, but that is also ignored. > > What if you try: return Response.seeOther(new URI("http:///guacamole/#/?token=" + token)).build(); (Add the ? between the token parameter and the Guacamole URL). Does that work? -Nick
Re: Error message when disconnecting a Windows Server 2012
On Thu, Sep 28, 2017 at 12:23 PM, Kevin Rivrain wrote: > Hello everyone, > > > > I have a problem when disconnecting a Windows Server 2012. Indeed, this > message appear : « The remote desktop server is currently unavailable. If > the problem persists, please notify your system administrator, or check > your system logs. » > > > > Error log message : « guacamole01 guacd[1453]: Error handling RDP file > descriptors » > > > > Isn’t present on Windows 2008 (log : « guacamole01 guacd[1436]: RDP > server closed connection: Disconnected. »). > > > > What might be the reason for the problem? > > > > Sincerely, > > Kevin > > > Kevin, A few questions for you: - What version of Guacamole are you running? - How did you install guacd? Was it a package, or did you build it yourself? - Does this happen consistently with multiple Windows 2012 servers, or just a single one? - Does it happen when you Disconnect, Log Off, or both? -Nick
Re: Handling a SAML POST response
Yes. You were entirely correct, that missing question mark was the problem. I feel more than a little silly for missing that. The entire thing now works end to end. Thank you all again for your assistance. -- Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/