Hi,
I have been trying to configure the guacamole-auth-json extension
(https://github.com/apache/guacamole-client/tree/master/extensions/guacamole-auth-json),
however I seem to be hitting roadblocks (likely due to me fumbling something).
Any help on the below error would be much appreciated.
I have followed the setup instructions, but keep getting errors.
I am trying to test with the same example as given on the setup instructions. I
know this is insecure, but I am just trying to get things working.
In particular, I am using the key 4c0b569e4c96df157eee1b65dd0e4d41 in the
guacamole.properties file.
I then have the following JSON in the file auth.json:
{
"username" : "test",
"expires" : "1446323765000",
"connections" : {
"My Connection" : {
"protocol" : "rdp",
"parameters" : {
"hostname" : "10.10.209.63",
"port" : "3389",
"ignore-cert": "true",
"recording-path": "/recordings",
"recording-name":
"My-Connection-${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}"
}
},
"My OTHER Connection" : {
"protocol" : "rdp",
"parameters" : {
"hostname" : "10.10.209.64",
"port" : "3389",
"ignore-cert": "true",
"recording-path": "/recordings",
"recording-name":
"My-OTHER-Connection-${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}"
}
}
}
}
I now run:
./encrypt-json.sh 4C0B569E4C96DF157EEE1B65DD0E4D41 auth.json
and get the following output:
Ez9K+nkHjuEAWqgE8w6eIBMdQ//B8/Zi8V1y2HOpaT5wS7rCOKPxxA4gsyWlVLuS
VXueOVSQKYVpQUbAl+Lsi7HEfPyTyBJhqVF7P6GTwNqciT4Q8n8WmTLus48zIOcn
jm3HFp39Qtj6C4wQ9Px0V7aTw2V/pG+/bp/48huFW7ekh2AMSossTEDmw+zkcyIu
Vbq7J+BnX77YlIKUqFODEbpOetMkUxx6eqyDByVeozh12tsmiKiZbRiB2bw+dzsx
F9j8GNzkTeM/m7Sy1EHT1vXSRXdSwdrmE7wOKh1rfIFmCLyIyXIwe8S/QRDaDLP2
w9QL3LMNWPyl8ZOgKh5uDJOZSRh3qiVU5SfW35yHIcsQJ8noa00HOymTyJ9/ZmLG
2iYOfT/Al9hAyAHfuP5EAxsfSzjjgxU4QDpahfNWgkSr3t3h9d5HIKBqjOQxlrMW
Utqtnm9AB4PUrAs6utuDB+1/A6KEdb3G2C1TzGmtI+vifuf8nWa4pZs555hKuZ5j
bazA6UA1WX0INjGGEPWm/ICoOcRqTd6l2OI059apELTP6xHdILCpGtM7VG4qtnsI
TEOI0P7HroGgOXXsdSeoEm35Lhb1sy0s5lJEwpj1fnmePOjFvCtTB5a4zZrSXcph
B5ghk10jnU6lM5xDrGqbQCaEy3qQtXEmmuq4U42MWLhKuYd919hEFZQABqZoMgb8
rFedsU5PXQEjyMWXfI1pD5b62HCjmr0jFFqJKF0gce+lKaqZA939PXzyAY8uhbh2
WRMywHnNH200jXOOC9gupcFoZSFgZPzP+qTFvAoo2WQvkr3ukK0AemQl2vbwrca0
rTGQBIlvaxPkw/7AojvvxEubMGyHnh7mS/vy5Eug8mzwyUGlVhgbAI/agyn+8gdA
1LUBXblbZTfz85MYI+GyMDNuOZXp67qhDqv40Ud67V+rFluUPXWRBLmLbDXB2LLm
8Mo7bpe+hLCtILIlN5hDmeOPGQtMpOC8t57Wh+jfkGSKqn0ljRVrrIoPZBzpB2qr
oZ+SgU93JdaFbEfuNbnF+G8aNb9UtN3pbEZUah6LNzuz22ou5ZYjaS7KbJlDL70v
x8sv2hmK3zNRnHUKANIjOCX9RlsGZ9wHRl+1kDw65+BoN+i4JWgIHbEBsVZG5VUE
r76MIuazfaNi3xPYW8sIYw==
This output is different to the output given on the webpage. My first question
is, is this a problem?
Secondly, if I store this output in a file named “enc” and then run:
curl --data-urlencode “data=$(<enc)"
http://10.230.42.19:8080/guacamole/api/tokens
Then I get the response:
{"message":"Permission
denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission
denied."}},"statusCode":null,"expected":[],"type":"INVALID_CREDENTIALS”}
And looking in the logs (/var/log/syslog) I can see the warning:
WARN o.a.g.auth.json.user.UserDataService - Submitted data is not proper base64.
No matter what I try I cannot seem to get past this error. Obviously, I expect
to get a permission denied error for the sample JSON file above, as the
credentials are not correct, but the base64 warning does not seem correct. I
have also tried the above process with a correct set of credentials and
connection information within the JSON file which I believe should work. Here I
get the same base64 warning. Are there any hints/tips/ideas at this point?
Finally, whilst testing I also noticed that when using a lower case key in the
file guacamole.properties (as explained on the website) I get the error:
ERROR o.a.g.auth.json.user.UserDataService - Decryption of received data
failed: Invalid hexadecimal value.
After changing the key to uppercase (as I did above) then this error was
changes and instead I received the base64 warning above. But I don’t know if
this is better or worse?
Any help on this issue would be much appreciated.
Best,
Phil
-----------------------
Dr. Phillip James
Senior Lecturer
Department of Computer Science / Yr Adran Gyfrifiadureg
Swansea University / Prifysgol Abertawe
Bay Campus / Campws y Bae
SA1 8EN
