guacamole-user mailing list archives

From "B3r3n" <B3...@argosnet.com>
Subject Re: Guacamole & OpenID
Date Fri, 14 Dec 2018 06:36:14 GMT
> On Thu, Dec 13, 2018 at 11:14 AM B3r3n <B3r3n@argosnet.com> wrote:
>>
>> Hello Mike,
>>
>> Well noted, I will test that ASAP.
>>
>
> Thanks, B3r3n.
>
>> However, since I moved to using header auth, I would like to try achieving it.
>> My only issue is with the logout feature of Guacamole.
>>
>> Apparently it sends a DELETE /guacamole/api/tokens/token_id. I
>> intended to change it to another GET /url logging out, but whatever I
>> do, right after, the browser sends a POST /guacamole/api/tokens and gets a
>> token again.
>>
>
> With the header authentication, you will be immediately
> re-authenticated so long as the header that authenticates you is
> present in the HTTP request.
>
>> Is there a URL I could use to log out from Guacamole but where the
>> browser will accept a returning GET, redirect, whatever, so it can
>> really be logged out from OpenID?
>
> Single logout for OpenID Connect is not currently implemented in Guacamole:
>
> https://issues.apache.org/jira/browse/GUACAMOLE-519
>
> The path forward to implement that for OpenID is fairly clear - it
> would just need to be done. I don't know what would need to be done
> for the generic header authentication, where there's no standard
> defining how logout should be signaled to the IDP.

I agree, but my intention was to use an Apache RewriteRule or ProxyHTMLURLMap,
or RewriteHTML to change the DELETE token URL to my logout OIDC URL.
That's why I would just like to know what you expect once you have sent this
DELETE token. If I can replace it with my logout URL, it would remove the header
variable and bingo, clean logout from Guacamole :-)

>
> - Mike
>
>
>


