guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: Console ID Cache issue when using user-mapping.xml
Date Mon, 17 Oct 2016 22:24:06 GMT
On Tue, Oct 11, 2016 at 3:41 AM, Rishi <> wrote:

> Hello All,
Hello Rishi,

> I'm using guacamole in an automated fashion such that after completing the
> external authentication, a new user-mapping.xml is generated.

The intended mechanism for integrating Guacamole with external
authentication is not through auto-generating XML, but rather through

More on this below.

The guacamole authentication in this case works correct however websocket
> connection for console happens to the last consoled vm. It is not able to
> properly disconnect last websocket session upon generation of new
> user-mapping.xml. I suspect its the cookies !
Guacamole doesn't use cookies in this way, but the authentication mechanism
that uses user-mapping.xml will cache the connections available to a
particular user once they log in, associating that information with their
session from that point forward. They will not see the results of changes
to that file until after they log out (or until they log in elsewhere).

If a new browser is used then the problem does not seem to appear.

Yep. See above.

> So, would like to know how can I force flush cookies (if thats the
> problem) whenever guacamole UI is reloaded ?

I don't think you should continue pursuing a solution driven by
user-mapping.xml. That authentication method is intentionally simple, and
not intended to serve as the middle ground between Guacamole and an
external authentication system. It's really aimed at simple deployments, or
as a quick way to verify that Guacamole works as expected before moving on
to something like LDAP or a database.

In your case, where the idea is to integrate Guacamole with an external
system, I highly recommend developing an extension which does so. Guacamole
provides an API to achieve exactly this, and it's how the other
authentication extensions were written. There's no need to hack things
together using XML as an intermediary.

- Mike

View raw message