I am attempting to build my own guacamole web application starting from the
example in
(https://guacamole.apache.org/doc/gug/writing-you-own-guacamole-app.html)
but utilizing the java code found in the main application so that I can
utilize the guacamole-ext code for authentication with the CAS extension. I
needed to modify the guacamole interface more than was possible with the
guacamole-ext patches. I am running my application using tomcat8. I have
created a guacamole-ext extension which handles the connection details, so
that any time CAS authenticates a user I give them an rdp connection to
127.0.0.1 named 'rdp connect' and provided by 'my-ext'.
So in my application the auth function looks like:
var guac = new Guacamole.ChainedTunnel(
new Guacamole.WebSocketTunnel('websocket-tunnel'),
new Guacamole.HTTPTunnel('tunnel'));
var connectString = "token=" + TICKET_FROM_CAS
+ "&GUAC_DATA_SOURCE=" + 'my-ext'
+ "&GUAC_ID=" + 'rdpconnect'
+ "&GUAC_TYPE=" + 'c';
guac.connect(connectString);
My application can send the user to the CAS page to login, and then come
back with a ticket, and it gets a 101 status code from the websocket.
However it tries to make a request to
http://myhost/my-guacamole/tunnel?connect and gets a 403 message back, with
guacamole-status-code 769 and guacamole-error-message "Permission Denied".
I have no issues using the official guacamole client to connect to xrdp, but
as far as I can tell my application is doing the same basic steps and
failing to get permission.
What additional steps do I need to take in order to get a permissible
connection? I've been trying to piece together the necessary javascript
from the guacamole webapp source code, but its a large project and I don't
really need the angular code.
--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
