Thanks, Mike, for the detailed information and for saving hours in pursuing the wrong path.

I'd definitely look into custom auth and build something for us.
I'm simply looking for a web callback as an authentication mechanism. Let me know if it's already present while I proceed to develop one. And in case I get it working, can I contribute it back?

- Rishi






I'm using Guacamole in an automated fashion such that after completing the external authentication, a new user-mapping.xml is generated.

The intended mechanism for integrating Guacamole with external authentication is not through auto-generating XML, but rather through extensions:

More on this below.

The Guacamole authentication in this case works correctly; however, the websocket connection for the console happens to the last consoled VM. It is not able to properly disconnect the last websocket session upon generation of a new user-mapping.xml. I suspect it's the cookies!

Guacamole doesn't use cookies in this way, but the authentication mechanism that uses user-mapping.xml will cache the connections available to a particular user once they log in, associating that information with their session from that point forward. They will not see the results of changes to that file until after they log out (or until they log in elsewhere).

If a new browser is used then the problem does not seem to appear.

Yep. See above.

So, I would like to know how I can force flush cookies (if that's the problem) whenever the Guacamole UI is reloaded?

I don't think you should continue pursuing a solution driven by user-mapping.xml. That authentication method is intentionally simple, and not intended to serve as the middle ground between Guacamole and an external authentication system. It's really aimed at simple deployments, or as a quick way to verify that Guacamole works as expected before moving on to something like LDAP or a database.

In your case, where the idea is to integrate Guacamole with an external system, I highly recommend developing an extension which does so. Guacamole provides an API to achieve exactly this, and it's how the other authentication extensions were written. There's no need to hack things together using XML as an intermediary.

