guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Couchman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GUACAMOLE-197) Implement Support for RADIUS Authentication
Date Thu, 09 Feb 2017 14:34:41 GMT

    [ https://issues.apache.org/jira/browse/GUACAMOLE-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15859591#comment-15859591
] 

Nick Couchman commented on GUACAMOLE-197:
-----------------------------------------

Reorganized the code a bit.  Need to get a RADIUS server set up to test out some of the TLS
protocols and make sure those work, but so far so good.

I am having trouble with MAVEN and signed modules.  The jradius-extended dependency pulls
in another one called BouncyCastle, which is a SSL/TLS implementation for Java.  One of those
modules is signed, and it's causing all sorts of trouble getting the RADIUS Authentication
module to load.  I tried several incantations for a couple hours yesterday to get MAVEN to
filter out the signing files when building the RADIUS jar file, to no avail.  I can post more
info, if needed, but any suggestions there would be appreciated.  For the time being I've
resorted to manually using the zip command to remove the signatures from the resulting JAR...obviously
that's a poor long-term solution.

> Implement Support for RADIUS Authentication
> -------------------------------------------
>
>                 Key: GUACAMOLE-197
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-197
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-client
>    Affects Versions: 0.9.11-incubating
>            Reporter: Nick Couchman
>            Priority: Minor
>
> Working on implementing a RADIUS authentication module - guacamole-auth-radius.  The
basic implementation is completed - with a basic PAP or CHAP RADIUS server, the authentication
succeeds and the user is logged in.
> I'm running into an issue, though, trying to implement Challenge/Response in RADIUS.
 I have my RADIUS server configured to talk to LinOTP for MFA/2FA, and RADIUS sends the AccessChallenge
package back, asking for the second factor.  My issue is in my continual failure to grasp
the connection between the servlet side and the AngularJS web application.  I've copied the
Duo authentication code and tried to morph it into something that will present another box
for the RADIUS challenge, but I can't get my controller function to actually fire.
> Once that is working, I'd like to support other RADIUS authentication protocols, like
EAP-TLS and EAP-TTLS, so there's a little more work to be done, but right now I'm focusing
on the basic protocols and the challenge/response.
> Will have a repo posted here in a moment for working on this.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message