Got it!
Thank you very much for your replies Nick and Weston.
I did it using JSON authentication and it works as per my requirement.
The documentation of JSON authentication had a few steps missing that I
figured out using Keeper's documentation.
For example,
After making the post request and getting the token back, the connection
can be directly made using,
/?token={auth_token}.
Or if we want to directly use base64,
Pass the base64 string to the url encoding library in Python, and then,
/?data={base64}
Can I contribute this to the documentation part?
I have been wanting to contribute to guacamole-server but not able to
figure out any issues 😀 and understanding the code base is getting tough
for me so maybe contributing to the documentation can be a good first step.
Regards,
Palaash Jain
On Tue, 23 Sept, 2025, 12:39 am Weston Thayer, <[email protected]>
wrote:
> If helpful, TunnelRequestService.createTunnel
> <https://github.com/apache/guacamole-client/blob/0336e2c7e1be7d5510bdad9505dc093e76a54444/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java#L330>
> is
> a key function the client uses when starting a session. You might be able
> to modify it to bypass the auth checking steps and select some
> user-mapping.xml
> <https://guacamole.apache.org/doc/gug/configuring-guacamole.html#user-mapping-xml>
> connection
> details you've specified.
>
> On Mon, Sep 22, 2025 at 11:52 AM Nick Couchman <[email protected]> wrote:
>
>> On Thu, Jun 5, 2025 at 6:42 AM Palaash Jain <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I have been struggling to modifying the guacamole client in such a way
>>> that:
>>> 1) We perform our own authentication externally,
>>> 2) I want to pass something like,
>>> http://localhost:8080/guacamole/?{my_parameters}
>>> 3) For doing this, I don't want the guacamole welcome page login screen
>>> and instead just proceed directly with the connection.
>>> 4) Rest of the communication, passing the connection details, etc. will
>>> then be done.
>>>
>>>
>> Hello, Palaash,
>> How are you performing the external authentication? Are you using a SSO
>> provider, or have you written a custom extension?
>>
>> In Guacamole, once you've authenticated, you can get directly to a
>> connection or connection group using the URL that shows up in the browser
>> when you go to that connection. It's a Base64-encode combination of the
>> data source name (e.g. mysql), the type (c = connection, g = connection
>> group), and the identifier.
>>
>> That said, right now, with external providers like SAML and OpenID that
>> redirect away from Guacamole for authentication and then back when
>> authentication is completed, Guacamole does not keep track of the original
>> request or pass that information along, so that'll get "lost" in the
>> redirect. There's at least one Jira issue out there to pass a state
>> variable to SSO providers that would help with this, it just hasn't been
>> done, yet.
>>
>> -Nick
>>
>>>
