guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Massimo Cusumano <maxcu...@gmail.com>
Subject Custom Authentication with DIGITAL Certificate from a Apache HTTP Reverse Proxy
Date Tue, 21 Jun 2016 14:38:49 GMT
Hi,

I have an Apache HTTP Server with  SSL authentication  (Client certificate
Authentication). This Apache HTTP Server reverse proxies from port 443 to
Guacamole ajp port  8009

The  Guacamole setup uses the mysql jdbc authentication extension
(guacamole-auth-jdbc-mysql-0.9.9.jar).

I wrote an extension that perform authentication based on  the "Common
Name" of the user's Client Digital Certificate. The extension retrieves the
"Common Name" from the certificate and the "Common Name" is then used by
MYSQL authenticator (MYSQL authenticator trusts the extension
authentication).

Now, when I browse to  Guacamole web portal (https://MYIP/guacamole/), a
client certificate is required by Apache; after I select the  client
certificate, the   "default Guacamole login page" is displayed (index.html)
and when clicking  on the Login button (without entering any
username/password) I can access with success to the "Guacamole Home Screen"

My questions are:
- Can I customize the "default Guacamole login page"  to remove the
username and password field and leave only the "Login" button?
- Can I insert the "common name" of the certificate in the login page (e.g.
Welcome "<Common Name> " User;
or
- Can I bypass the "default login page" and connect directly to the
"Guacamole Home Screen"?

Regards

Massimo.

Mime
View raw message