On Thursday, December 14, 2023 at 07:36:05 PM GMT+1, Michael Jumper
<mjum...@apache.org> wrote:
>> Is it possible to hide/disable the "Active since" column in the Active
>> Sessions tab within Settings? If so, how?
>>
>
> You can make arbitrary UI changes through extensions and custom CSS
Yes, I apply custom extensions to modify/add html and other elements elsewhere,
but in this case I only need to remove a table value or column. I know you
discourage patching the source template files directly, but I find that easier
in this case than to maintain/update a whole sessions table structure. In my
case, all I do is check for {{wrapper.startDate}} and sed it out. I do the same
for {{historyEntryWrapper.entry.startDate | date : dateFormat}} and
{{wrapper.entry.startDate | date:historyDateFormat}}. Sure, the upstream code
may change in time and I'd have to adjust the patches,but wouldn't it be the
same with a custom extension?
> Why are you looking to do this? The "Active Since" column in that tab
> shows when the connection began, which is useful information.
Yes, it's useful. However, in some environments it's preferable not to show
when a user started a connection because this information can be available to a
group of users who might not necessarily need to know it. Most people don't
mean to pry, but some love to. Fro the same reason I've also removed
getClientURL(wrapper.dataSource, wrapper.activeConnection) from
guacamole/src/main/frontend/src/app/settings/templates/settingsSessions.html
because an authorized user can connect to another's session. While this can be
useful in some cases, in general I'd prefer not to allow it no matter what
privileges the user has. I'd rather allow it only if the other user explicitly
shares the connection.
Now, I'm sure an advanced user can find a way to connect anyway even if I
remove getClientURL() from the UI, but at least it is not trivial.
BTW, when clicking on the Connection name within Active Sessions does the
"target user" notice that the connecting user has actually connected? The only
case I've witnessed is that I could take control of another user's RDP session
and move the mouse, etc., but I have no idea if the other user was disconnected
or if the connection was shared.
Anyway, the information in Active Sessions is all very useful, but I think the
connection URL is too "invasive" and 'Active since' can be superfluous.
The authentication we use is via SAML SSO.
I suppose I could limit specific trustworthy users to have the "prying"
privileges. However, I am required to give a SAML group the "admin" privs, so
I'd rather remove the parts of the software that may be too tempting.
>> Also, under Settings -> History I see several records with values for
>> Duration, but all the other columns are empty (Username, Start time,
>> Connection name, Remote host). Why?
>
> Try clearing browser cache. You might have old JavaScript, etc. cached
> from a previous release.
Correct. That did it.
However, this poses another issue.
After doing all the changes I mentioned above (removing "Active since",
getCientURL, etc.) I noticed that I kept on seeing "everything" even if I
re-logged in after closing the browser.
I had to explicitly clear the cache to see the changes.
As far as my client computer is concerned, all's good. However, how do I make
sure other clients who might have already cached the non-patched guacamole
version reload/refresh?
Is it beyond server control?
If I use an Apache reverse proxy for Guacamole would setting the following be
enough?
ExpiresActive On
ExpiresDefault "now"
I'm not familiar with how Tomcat could handle Cache-Control directly (maybe
through the use of filters).
>> Can the X-Forwarded-For addr. be used by Guacamole (if it "trusts" the
>> proxy)?
>>
>
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve
Correct. I must have missed that part of the doc. Works great.
Thanks,
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
