Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C2FB4200D42 for ; Fri, 17 Nov 2017 17:16:02 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id C1C52160BFB; Fri, 17 Nov 2017 16:16:02 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 13610160BF8 for ; Fri, 17 Nov 2017 17:16:01 +0100 (CET) Received: (qmail 39998 invoked by uid 500); 17 Nov 2017 16:16:01 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 39989 invoked by uid 99); 17 Nov 2017 16:16:01 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Nov 2017 16:16:01 +0000 Received: from mail-lf0-f47.google.com (mail-lf0-f47.google.com [209.85.215.47]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 539871A0236 for ; Fri, 17 Nov 2017 16:15:59 +0000 (UTC) Received: by mail-lf0-f47.google.com with SMTP id x68so3278062lff.0 for ; Fri, 17 Nov 2017 08:15:59 -0800 (PST) X-Gm-Message-State: AJaThX6IIStxXOKgaisQvLdKrg4SMRb9TV0iujlzhEyKcHHIOX3WxCeN JYs9As1wuaqhGJkC1OG7FcHl6+oILJBBTZJUzJY= X-Google-Smtp-Source: AGs4zMZWCJlnscKVoksjFbVBt9CvocyTRXEStX0uYxeHtqjTAxDs0/yT9tJ1jtUFZYfrlah9LBOukbe9Y3kZyM0+qXQ= X-Received: by 10.46.3.2 with SMTP id 2mr1138930ljd.41.1510935357979; Fri, 17 Nov 2017 08:15:57 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.27.148 with HTTP; Fri, 17 Nov 2017 08:15:57 -0800 (PST) In-Reply-To: <1510932575660-0.post@n4.nabble.com> References: <1510932575660-0.post@n4.nabble.com> From: Nick Couchman Date: Fri, 17 Nov 2017 11:15:57 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: HTTP header authentication not working. Infomation missing To: user@guacamole.apache.org Content-Type: multipart/alternative; boundary="089e082751604a8058055e300db6" archived-at: Fri, 17 Nov 2017 16:16:02 -0000 --089e082751604a8058055e300db6 Content-Type: text/plain; charset="UTF-8" On Fri, Nov 17, 2017 at 10:29 AM, Masood wrote: > I am trying to add HTTP header auth extension into guacamole. I have > followed > all the instructions from the chapter 9 of Manual. The jar file is in the > extension folder, but I don't see any new loaded extension in syslog. I > have > not added any new property to the guacamole.properties. As it is optional > > I am using Tomcat 7. Do I need to change some properties in Tomcat to allow > HTTP headers? > > Also, I don't understand the following line in manual "If your > authentication system uses a different HTTP header" I don't have any > authentication system. Do I need to install it? Is it in Tomcat or 3rd > party > application. > You need to configure your web server - either Tomcat or your reverse proxy web server, if you're proxying it through nginx or httpd, for example - to do HTTP authentication. You can find configuration examples for BASIC authentication in the following document - item #5: http://archive.oreilly.com/pub/a/java/archive/tomcat-tips.html If you're proxying Guacamole through Apache httpd, you'd do something like this in your configuration: ... AuthType basic AuthName "Basic Authentication" AuthBasicProvider file AuthUserFile /etc/httpd/guacamole.users Require valid-user By default Apache will set the REMOTE_USER header during authentication, which should be passed through to Tomcat and accessible by Guacamole. Nginx has similar options: https://www.nginx.com/resources/admin-guide/restricting-access-auth-basic/ -Nick --089e082751604a8058055e300db6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On F= ri, Nov 17, 2017 at 10:29 AM, Masood <masoodhussain10@gmail.com> wrote:
I = am trying to add HTTP header auth extension into guacamole. I have followed=
all the instructions from the chapter 9 of Manual. The jar file is in the extension folder, but I don't see any new loaded extension in syslog. I= have
not added any new property to the guacamole.properties. As it is optional
I am using Tomcat 7. Do I need to change some properties in Tomcat to allow=
HTTP headers?

Also, I don't understand the following line in manual "If your
authentication system uses a different HTTP header" I don't have a= ny
authentication system. Do I need to install it? Is it in Tomcat or 3rd part= y
application.

You need to configure your= web server - either Tomcat or your reverse proxy web server, if you're= proxying it through nginx or httpd, for example - to do HTTP authenticatio= n.=C2=A0 You can find configuration examples for BASIC authentication in th= e following document - item #5:


I= f you're proxying Guacamole through Apache httpd, you'd do somethin= g like this in your configuration:

<Location /g= uacamole>
=C2=A0 =C2=A0...
=C2=A0 =C2=A0 AuthType basic
=C2=A0 =C2=A0 AuthName "Basic Authentication"
= =C2=A0 =C2=A0 AuthBasicProvider file
=C2=A0 =C2=A0 AuthUserFile /= etc/httpd/guacamole.users
=C2=A0 =C2=A0 Require valid-user
<= div></Location>

By default Apache will set t= he REMOTE_USER header during authentication, which should be passed through= to Tomcat and accessible by Guacamole.=C2=A0 Nginx has similar options:


-Nick
--089e082751604a8058055e300db6--