guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Poteat, William D." <wpot...@mitre.org>
Subject RE: CAS Authentication problem
Date Wed, 29 Aug 2018 16:25:21 GMT
What version of Guacamole are you using?  Are all of your extensions the same version?

Using version Guacamole 0.9.14
/etc/guacamole/extensions/guacamole-auth-cas-0.9.14                 is my only extension


So you have a guacadmin user that logs into CAS?  When you created the JDBC portion, did you
import both of the SQL schema files - there are two, one for the base schema, and one for
configuring the guacadmin account.  Can you verify that you imported both when creating the
database?

I used an install script from SourceForge.net.  Is that a problem ?
So I did not explicitly import the SQL schema files.
But do have the following:

# ls  /usr/local/src/guacamole/0.9.14/extension/mysql/schema
001-create-schema.sql  002-create-admin-user.sql

# ls /usr/local/src/guacamole/0.9.14/extension/sqlserver/schema
001-create-schema.sql  002-create-admin-user.sql

Also have many JDBC4*.java  and  JDBC42*.java files  in
/usr/local/src/guacamole/0.9.14/mysql-connector-java-5.1.44/src/com/mysql/fabric/jdbc/


Also, if you disable the CAS authentication module and just log in as "guacadmin", does everything
work correctly?
Yes, all is well.


Thanks for the reply and help.
bill


From: Nick Couchman <vnick@apache.org>
Sent: Wednesday, August 29, 2018 11:28 AM
To: user@guacamole.apache.org
Subject: Re: CAS Authentication problem

On Wed, Aug 29, 2018 at 9:01 AM Poteat, William D. <wpoteat@mitre.org<mailto:wpoteat@mitre.org>>
wrote:
I have a CAS Authentication problem.

What version of Guacamole are you using?  Are all of your extensions the same version?


Using the default guacadmin user name and password
I can navigate through our cas-authorization-endpoint, where the user (guacadmin) logs onto
our CAS server, then to the cas-redirect-uri (the guacamole app  https://host.net.org/guacamole).
So that part is working.

However, the user name guacadmin is shown in the upper right of the guacamole home page but
the associated connections are not shown and all of the guacadmin capabilities such as creating
connection, adding a user are missing.

So you have a guacadmin user that logs into CAS?  When you created the JDBC portion, did you
import both of the SQL schema files - there are two, one for the base schema, and one for
configuring the guacadmin account.  Can you verify that you imported both when creating the
database?

Also, if you disable the CAS authentication module and just log in as "guacadmin", does everything
work correctly?


My gut tells me that somehow a the password or something that allows guacamole to pull the
guacadmin user data from the database is missing.

Also, the guacadmin user cannot logout.
the brief message   “Please wait redirecting to CAS authentication”
is displayed before returning to the Guacamole / guacadmin home page.

This is a known issue - Single Sign Out is not implemented in any of the SSO modules at this
time.  There are JIRA Issues created for both CAS and OpenID, it just hasn't been implemented,
yet.


I must close the browser window to very ungracefully exit Guacamole.

I hope this is the proper way to submit a Question.  Please point me to any previous message
threads on this subject.

Yep, this is correct.

-Nick
Mime
View raw message