If helpful, TunnelRequestService.createTunnel <https://github.com/apache/guacamole-client/blob/0336e2c7e1be7d5510bdad9505dc093e76a54444/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java#L330> is a key function the client uses when starting a session. You might be able to modify it to bypass the auth checking steps and select some user-mapping.xml <https://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping-xml> connection details you've specified.
On Mon, Sep 22, 2025 at 11:52 AM Nick Couchman <[email protected]> wrote: > On Thu, Jun 5, 2025 at 6:42 AM Palaash Jain <[email protected]> > wrote: > >> Hi, >> >> I have been struggling to modifying the guacamole client in such a way >> that: >> 1) We perform our own authentication externally, >> 2) I want to pass something like, >> http://localhost:8080/guacamole/?{my_parameters} >> 3) For doing this, I don't want the guacamole welcome page login screen >> and instead just proceed directly with the connection. >> 4) Rest of the communication, passing the connection details, etc. will >> then be done. >> >> > Hello, Palaash, > How are you performing the external authentication? Are you using a SSO > provider, or have you written a custom extension? > > In Guacamole, once you've authenticated, you can get directly to a > connection or connection group using the URL that shows up in the browser > when you go to that connection. It's a Base64-encode combination of the > data source name (e.g. mysql), the type (c = connection, g = connection > group), and the identifier. > > That said, right now, with external providers like SAML and OpenID that > redirect away from Guacamole for authentication and then back when > authentication is completed, Guacamole does not keep track of the original > request or pass that information along, so that'll get "lost" in the > redirect. There's at least one Jira issue out there to pass a state > variable to SSO providers that would help with this, it just hasn't been > done, yet. > > -Nick > >>
