Combining HTTP Header with other Auth Modules

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Combining HTTP Header with other Auth Modules

Justin Phelps
I'm currently struggling to figure out how to configure guacamole properly given my authentication situation.

I have an Apache proxy setup in front of guacamole, and I use an Apache module to handle authentication of the incoming users. This provides a collection of HTTP Headers that can be used for identification of the user. The proxy also doesn't allow any unauthenticated users to access guacamole directly.

The assumption here is if a user has successfully authenticated, they have access to all the connections configured in the user-mapper.xml file.

Without the NoAuth plugin, I'm having a hard time figuring out how to say:

Given an authenticated user (as per the Header), give them access to all connections.

Anyone have tips?
Reply | Threaded
Open this post in threaded view
|

Re: Combining HTTP Header with other Auth Modules

vnick
On Mon, Dec 9, 2019 at 1:34 PM Justin Phelps <[hidden email]> wrote:
I'm currently struggling to figure out how to configure guacamole properly given my authentication situation.

I have an Apache proxy setup in front of guacamole, and I use an Apache module to handle authentication of the incoming users. This provides a collection of HTTP Headers that can be used for identification of the user. The proxy also doesn't allow any unauthenticated users to access guacamole directly.

The assumption here is if a user has successfully authenticated, they have access to all the connections configured in the user-mapper.xml file.


The user-mapper.xml file does not "stack" with the other authentication modules in the same way, so you cannot use this module in combination with other authentication modules.  It is designed to be a very simple way to test that your install is working correctly, but is not really something that scales well for larger use-cases.

If you need to combine the header module with some other module for storing connections, the most common and probably easiest thing to do is to use the JDBC module to store connections.  Aside from that, you could either write your own module for storing the connections, or Mike has one that takes JSON input, I believe, for facilitating pulling in connection data that way without having to set up a database.

-Nick