guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: HTTP header auth + MySQL
Date Thu, 22 Mar 2018 15:50:02 GMT
On Wed, Mar 21, 2018 at 5:12 PM, John Hanks <griznog@gmail.com> wrote:

> I managed to get a different env variable set to the uid without the
> kerberos realm with
>
>     RewriteEngine on
>     RewriteCond %{LA-U:REMOTE_USER} ^(.+)@.*$ [NC]
>     RewriteRule ^.*$ - [E=SUNET_ID:%1]
>
> and the result in the request is:
>
> SUNET_ID = griznog
>
> In guacamole.properties I added
>
> http-auth-header: SUNET_ID
>
>
Unfortunately at the moment I'm using nginx as my Reverse Proxy instead of
httpd, so I haven't been able to test that configuration.  However, can you
try adding this line to your configuration file:

    RequestHeader set SUNET_ID %{LA-U:REMOTE_USER} ^(.+)@.*$

You could also do:

    RequestHeader set REMOTE_USER %{LA-U:REMOTE_USER} ^(.+)@.*$

and just use REMOTE_USER instead of the custom header.  See if either of
those things work (with the second one you'd need to remove the header
config from guacamole.properties, or set it to REMOTE_USER).  With nginx I
was able to successfully use both the REMOTE_USER header and set my own
custom header and it worked fine with the header authentication module, so
I'm reasonably certain that module is working, it's just getting the
reverse proxy and Tomcat to exchange the correct information.

-Nick

Mime
View raw message