guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Handling a SAML POST response
Date Wed, 27 Sep 2017 22:35:19 GMT
On Wed, Sep 27, 2017 at 6:31 PM, Nick Couchman <vnick@apache.org> wrote:

>
>
> On Wed, Sep 27, 2017 at 5:35 PM, Colin McGuigan <colin_guacamole@
> walkingshadows.org> wrote:
>
>> So I went ahead and created an external web service that internally calls
>> /guacamole/api/tokens, and then redirects to /guacamole/#/token=<token>
>>
>
> When you say you created an external web service, what do you mean?
>
>
>>
>> Doesn't work.
>>
>> Investigation of the network traffic shows that the /guacamole/api/tokens
>> call does not have the token in it at all (in Mike's OpenID implementation
>> id_token is passed along this way, and I was hoping it would work the same
>> for token).  Changing the name of the parameter, so it's now redirecting
>> to
>> /guacamole/#/id_token=<token> also does not pass a token_id parameter to
>> /guacamole/api/tokens, which confuses me, because I saw this behavior with
>> the OpenID plugin.
>>
>> So new questions:
>>
>> 1) Is this a valid approach?  Ie, can a Guacamole authorization token even
>> be passed around in this manner?
>>
>> 2) Why is the token not being passed from /guacamole/#/token=<token> to
>> /guacamole/api/tokens?
>>
>>
>>
> So, I think the approach you need to take is that, within the SAML
> extension itself, you need to create a REST endpoint that consumes handles
> a POST call to it, processes the data from the POST, and then translates
> that to the correct call to /guacamole/api/tokens to tell Guacamole that
> the login has succeeded.  You can have a look at the other REST source code
> to see code that creates these types of services:
>
> https://github.com/apache/incubator-guacamole-client/
> tree/master/guacamole/src/main/java/org/apache/guacamole/rest
>
> I've not actually implemented an extension-specific REST endpoint myself,
> so I can't provide very detailed instructions, but it is possible - Mike
> can probably provide further guidance, if needed.
>

Some basic information on extension-specific REST resources is available
here:

http://guacamole.incubator.apache.org/doc/gug/guacamole-ext.html#ext-rest-resources

-Nick

Mime
View raw message