On Wed, Aug 10, 2022 at 1:11 PM Pete Carlson <pgcarl...@gmail.com> wrote:
>
>
> "I am using the guacamole-auth-json for encrypted JSON. When building my
> user.json:
>
> {
>     "username" : "arbitraryUsername",
>     "expires" : TIMESTAMP,
>     "connections" : {
>         "Connection Name" : {
>             "protocol" : "PROTOCOL",
>             "parameters" : {
>                 "name1" : "value1",
>                 "name2" : "value2",
>                 ...
>             }
>         },
>         ...
>     }
> }
> where does Connection Name exist elsewhere so it knows to relate this user to
> this connection? Can I define this object so that it just connected to the
> DEFAULT connection?
>

What you are defining here is a connection that exists purely in the JSON
backend, not a reference to a connection stored somewhere else.

If you want to use the encrypted JSON to authenticate users, but store the
data for connections in some other backend (one of the supported databases),
the way to accomplish that is:

1) Use Guacamole's web UI to define a connection within your database of
   choice.
2) Again within the web UI, define a user and grant access to that
   connection. Do not set a password for this user.
3) As needed, generate encrypted JSON only as a proof of user identity
   (include only "username" and "expires"), making sure that the specified
   username matches the username of the user that was created earlier.

When the encrypted JSON is submitted, Guacamole accepts that as sufficient
proof of identity, and the database then allows access to any connections it
knows are granted to that user. You can do this for any number of users, and
can leverage user groups if these users will frequently be given access to
the same sets of connections.

This same mechanism is how things like SAML and LDAP are tied together with
the database storage.

>
> I am using a md5 hash of the username and the encrypt-json.sh script from the
> website to sign and encode this:
>
> {"username":"fred","expires":1660129180160,"connections":{"My Connection":{"protocol":"vnc","parameters":{"hostname":"127.0.0.1","password":"VNCPASS","port":5900}}}}
>

What does an MD5 hash of the username have to do with the process that
you're using?

- Mike
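
Step 3 of the reply above, as an added example that is not part of the original message or of the Guacamole project's code: it builds JSON containing only "username" and "expires", then signs and encrypts it in the same way as the encrypt-json.sh script mentioned in the thread (HMAC-SHA256 prepended to the JSON, AES-128-CBC with an all-zero IV, base64), and includes a receiver-side check. The function names, the key and the five-minute lifetime are assumptions made for the illustration; the key must be the same 128-bit secret that the server is configured with.

```shell
#!/bin/sh
# Added example: identity-only token for guacamole-auth-json (names are hypothetical).
ZERO_IV=00000000000000000000000000000000

# JSON with only "username" and "expires" (milliseconds since the epoch).
# $1 = username of the passwordless database user, $2 = lifetime in seconds.
identity_json() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) echo "username needs JSON escaping" >&2; return 1 ;;
    esac
    printf '{"username":"%s","expires":%s}' "$1" "$(( ($(date +%s) + $2) * 1000 ))"
}

# $1 = 128-bit key as 32 hex digits, $2 = JSON text.
# Prints base64(AES-128-CBC(HMAC-SHA256(json) || json)) on one line.
make_token() {
    { printf '%s' "$2" | openssl dgst -sha256 -mac HMAC -macopt hexkey:"$1" -binary
      printf '%s' "$2"; } |
        openssl enc -aes-128-cbc -K "$1" -iv "$ZERO_IV" -nosalt -a -A
}

# Receiver-side check: decrypt, split off the 32-byte signature, recompute it.
# Prints the JSON only when the signature matches. $1 = key, $2 = token.
open_token() {
    tmp=$(mktemp) || return 1
    if printf '%s\n' "$2" |
        openssl enc -d -aes-128-cbc -K "$1" -iv "$ZERO_IV" -nosalt -a -A > "$tmp" 2>/dev/null
    then
        got=$(head -c 32 "$tmp" | od -An -v -tx1 | tr -d ' \n')
        want=$(tail -c +33 "$tmp" |
            openssl dgst -sha256 -mac HMAC -macopt hexkey:"$1" -binary |
            od -An -v -tx1 | tr -d ' \n')
        if [ -n "$got" ] && [ "$got" = "$want" ]; then
            tail -c +33 "$tmp"; rm -f "$tmp"; return 0
        fi
    fi
    rm -f "$tmp"; return 1
}

# Constructed demo values: the key is a placeholder, "fred" is the thread's sample user.
KEY=000102030405060708090a0b0c0d0e0f
TOKEN=$(make_token "$KEY" "$(identity_json fred 300)")
open_token "$KEY" "$TOKEN" && echo
```

Because the token carries no "connections" object, the connections the user sees come entirely from what the database grants to the matching username.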