guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven Pollock <jacksonp2...@gmail.com>
Subject Re: Restrict Home Screen
Date Tue, 19 Sep 2017 00:42:55 GMT
Sure, and thank-you.

User will get access to devices in a lab based on a scheduled start/stop
time using our webUI.  All credentials and application functionality is
here.
No real credentials should be stored in a guac database.
User is provided a one-time link to the device(s) at the start, which
should no longer work after the end.
No need to see the guac home page, but we can work with it if we can't
remove.

I have been able to meet the requirements using the mysql auth as follows:

1. Create a one-time username and password with an access time window
(start, end, valid_from, until)
2. Permission access group for this user_id (INSERT INTO
 guacamole_connection_group_permission)
3. Permission individual links for this user_id (INSERT INTO
guacamole_connection_permission)
4. Generate URL per below for each individual connection
5. At the end of the session time (access_window_end), delete the user_id

Where this becomes the one-time link, embedded connection & auth:
http://10.80.100.199:8080/guacamole/#/client/NABjAG15c3Fs/?username=user3&password=xxxx

Based on schedule, it won't work till start time, or after end time.
Username/password are one-time only use and only valid during the session.

If there's a better way, would be grateful to know what it is.

Regards,

-Steve

(415) 320-1102 <https://www.google.com/voice/#phones>

<º(((><    <º(((><   <º(((><

On Mon, Sep 18, 2017 at 4:40 PM, Mike Jumper <mike.jumper@guac-dev.org>
wrote:

> On Mon, Sep 18, 2017 at 3:19 PM, jacksonp <jacksonp2008@gmail.com> wrote:
>
>> I am using mysql auth, generating connection link
>> via:https://sourceforge.net/p/guacamole/discussion/1110834/t
>> hread/fb609070/
>>
>> and passing in credentials like:
>> http://10.80.100.199:8080/guacamole/#/client/MwBjAG15c3Fs/?
>> username=user3&password=xxx
>>
>> This works perfect!
>>
>> The user can still "ctrl-shift-alt" and get the setting side window.  All
>> good.  However, in the drop down they can select "home".  I would like to
>> disable that if possible and keep have them only connect via the link with
>> no options to see the "home" screen.
>>
>>
> Can you describe what you're trying to achieve at a high level? Are you
> trying to integrate Guacamole into an existing application? How do you
> envision that integration working from a user's perspective?
>
> There may be a better solution that embedding the username and password in
> the URL and trying to hide parts of the UI.
>
> - Mike
>
>

Mime
View raw message