guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <>
Subject Re: have got auth-header working - but can't see any "<connection>" options
Date Tue, 10 Oct 2017 03:03:48 GMT

On Mon, Oct 9, 2017 at 10:06 PM, Jason Haar <> wrote:

> Hi there
> I've just started playing with guacamole and have successfully got as far
> as creating a standalone user-profile (ie username/password)
> in user-mapping.xml - some RDP and SSH sessions - all working fine.
> So then I got more adventurous and decided on testing auth-header - as we
> would run such a beast behind an Apache reverse-proxy - so time to test.
> Well I've got the Apache server sending "X-User: email@address", and now
> when I connect I see I am automagically logged in as "email@address" -
> great! But there's no "profile" (for want of a better term).
> So then I edited user-mapping.xml and created a fake account for
> "email@address" , and cut-n-pasted my working standalone user profile
> into it (ie the same RDP and SSH "<connection>"'s). Restarted tomcat and -
> nothing.
> Whatever I try, all I get is an empty profile - no actual terminal
> services. Also, if I access the account's "Settings", all I get is the
> turning "cog wheel" - but nothing actually comes up. If I did that on my
> standalone account, I get to change my default language/etc.

For the spinning cog wheel of infinity, there's a commit in the git master
repo that I believe will fix this issue.  I doubt it's related to the other
trouble you're having - the lack of connection mapping.  From what I can
tell you're doing things right, so not sure why that isn't working.

I would suggest setting up the JDBC authentication module with a MySQL or
PostgreSQL database.  It takes a few minutes longer, and definitely works
to layer the JDBC module with the auth-header module (or CAS, LDAP, etc.).
I can't remember if Mike mentioned something recently about the basic user
mapping module not working as a layered module or not - I haven't tried
it.  Either way, I highly recommend using the JDBC module - particularly if
you plan to scale your deployment at all, it'll be much easier to do that
with JDBC.


View raw message