api/tokens error when using auth-noauth on guacmole 0.9.9

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

api/tokens error when using auth-noauth on guacmole 0.9.9

Victor Norman
A little background: my goal was to move our project showcase system from

Ubuntu 16.04, tomcat7, guacamole 0.9.9 with auth-noauth,  to

Ubuntu 20.04, tomcat9, guacamole 1.1.0 (at least) with auth header-auth. 

However, we're finding there are just too many changes to do all of this at once.

So, now the plan is to just take the existing system -- guacamole 0.9.9 with auth-noauth -- and move it to Ubuntu 20.04 -- changing as little as possible to get it working... except, tomcat7 must be replaced by tomcat9.

I have the new system set up, and everything *looks* good, but when I go to the main page (http://agora.cs.calvin.edu:8080), it does not take me to my home page but, after a bit of delay, to the login page.  Looking at the console logs, I see this:

POST http://agora2004.cs.calvin.edu:8080/agora/api/tokens 403

I don't know if that really is the problem, but I don't see that on my old server on Ubuntu 16.04. 

When I drill down on that error, I see this:


    1. Request URL:
      http://agora2004.cs.calvin.edu:8080/agora/api/tokens
    2. Request Method:
      POST
    3. Status Code:
      403
    4. Remote Address:
      153.106.195.16:8080
    5. Referrer Policy:
      no-referrer-when-downgrade
  1. Response Headersview source
    1. Connection:
      keep-alive
    2. Content-Type:
      application/json
    3. Date:
      Fri, 19 Jun 2020 14:15:14 GMT
    4. Keep-Alive:
      timeout=20
    5. Transfer-Encoding:
      chunked
  2. Request Headersview source
    1. Accept:
      application/json, text/plain, */*
    2. Accept-Encoding:
      gzip, deflate
    3. Accept-Language:
      en-US,en;q=0.9
    4. Cache-Control:
      no-cache
    5. Connection:
      keep-alive
    6. Content-Length:
      0
    7. Content-Type:
      application/x-www-form-urlencoded
    8. Cookie:
      JSESSIONID=0A776B90C0F6F15BED7FB7B82D917B40; JSESSIONID=2267FCDCA11585C196863C27E9E7F6C6
    9. DNT:
      1
    10. Host:
      agora2004.cs.calvin.edu:8080
    11. Origin:
      http://agora2004.cs.calvin.edu:8080
    12. Pragma:
      no-cache
    13. Referer:
      http://agora2004.cs.calvin.edu:8080/agora/
    14. User-Agent:
      Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36

I wonder if the guac auth-noauth is actually being used or not?  It seems to be configured correctly, with correct file permissions, etc.  But, there are no log messages to indicate it is being loaded, etc. -- even on the old system there are no log messages about auth-noauth being used -- but it is.

I wonder if there is just a directory that does not have the correct permissions?  Or is there a tomcat9 configuration option I'm missing?

Any ideas on what might be wrong or how to further debug this?  Help!

Prof. Victor Norman
Computer Science
Calvin College University
-----
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint Exupéry


Reply | Threaded
Open this post in threaded view
|

Re: api/tokens error when using auth-noauth on guacmole 0.9.9

ivanmarcus

Victor,


Noauth was removed from Guacamole 1.0.0 onwards, so the short answer is that it won't work.


However you're not the only person that's wanted a similar mechanism, there have been a few such requests and suggestions of how to best achieve something similar within a particular environment. This forum post may give you some further information:


http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Running-guacamole-inside-of-a-secured-environment-td7922.html


I seem to recall other discussions so a trawl through the list may be worthwhile.


As a complete aside I like your quotation from Antoine de Saint Exup�ry and was reminded of not dis-similar lines from Michelango Buonarroti a few hundred years prior. I expect you've read some of his literature, but if not I thoroughly recommend it - incl his madrigals.


On 20/06/2020 2:27 a.m., Victor Norman wrote:
A little background: my goal was to move our project showcase system from

Ubuntu 16.04, tomcat7, guacamole 0.9.9 with auth-noauth,� to

Ubuntu 20.04, tomcat9, guacamole 1.1.0 (at least) with auth header-auth.�

However, we're finding there are just too many changes to do all of this at once.

So, now the plan is to just take the existing system -- guacamole 0.9.9 with auth-noauth -- and move it to Ubuntu 20.04 -- changing as little as possible to get it working... except, tomcat7 must be replaced by tomcat9.

I have the new system set up, and everything *looks* good, but when I go to the main page (http://agora.cs.calvin.edu:8080), it does not take me to my home page but, after a bit of delay, to the login page.� Looking at the console logs, I see this:


I don't know if that really is the problem, but I don't see that on my old server on Ubuntu 16.04.�

When I drill down on that error, I see this:


    1. Request URL:
    2. Request Method:
      POST
    3. Status Code:
      403
    4. Remote Address:
      153.106.195.16:8080
    5. Referrer Policy:
      no-referrer-when-downgrade
  1. Response Headersview source
    1. Connection:
      keep-alive
    2. Content-Type:
      application/json
    3. Date:
      Fri, 19 Jun 2020 14:15:14 GMT
    4. Keep-Alive:
      timeout=20
    5. Transfer-Encoding:
      chunked
  2. Request Headersview source
    1. Accept:
      application/json, text/plain, */*
    2. Accept-Encoding:
      gzip, deflate
    3. Accept-Language:
      en-US,en;q=0.9
    4. Cache-Control:
      no-cache
    5. Connection:
      keep-alive
    6. Content-Length:
      0
    7. Content-Type:
      application/x-www-form-urlencoded
    8. Cookie:
      JSESSIONID=0A776B90C0F6F15BED7FB7B82D917B40; JSESSIONID=2267FCDCA11585C196863C27E9E7F6C6
    9. DNT:
      1
    10. Host:
      agora2004.cs.calvin.edu:8080
    11. Origin:
    12. Pragma:
      no-cache
    13. Referer:
    14. User-Agent:
      Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36

I wonder if the guac auth-noauth is actually being used or not?� It seems to be configured correctly, with correct file permissions, etc.� But, there are no log messages to indicate it is being loaded, etc. -- even on the old system there are no log messages about auth-noauth being used -- but it is.

I wonder if there is just a directory that does not have the correct permissions?� Or is there a tomcat9 configuration option I'm missing?

Any ideas on what might be wrong or how to further debug this?� Help!

Prof. Victor Norman
Computer Science
Calvin College University
-----
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint Exup�ry