guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "B3r3n" <B3...@argosnet.com>
Subject New Guacamole connection type ?
Date Wed, 19 Dec 2018 15:09:40 GMT
Dear all,

I keep studying Guacamole as a multi-usage solution to operate devices.
Hiding Guacamole with auth header behind a OIDC authenticated reverse proxy, I
have now a solution where user authenticates to reach a web site.
This URL lists non Guacamole devices (web sites) and a link to Guacamole.

This package permits to have RDP/VNC/SSH/telnet & web devices managed in a
unique solution.
With the capability to change the logout URL of Guacamole with the one we
wish, this will finalize a clean solution.

However, I am still forced to have a web site to list URLs when..Guacamole
could do it :-)
This raised me a simple solution : a URI device type on Guacamole.

If there is a device with a few parameters including a modifiable URI, when
the user clicks on it, it launches the associated program (browser, other
client).

For example : Web X will have as URI : http://web_x etc. Could be ssh://x too.

Such a device type should have keywords to pass some specific fields so
Guacamole keeps being a RBAC validator.
For example :
- it should be possible to pass the guacamole token in the URI
- it should be possible to pass target connexion ID/name in the URI
- other parameters ?

>From this, the target host called by the URI will receive the session and be
able to parse these value.
It could then query guacamole to ensure flow is approved and thus accept the
URI and perform the action.
This way, we could imagine Web sites, but also any other URI (SSH etc).

I would like to get your feedbacks about the feability but also critics about
the idea. It must be valuable to take time to set it up.

thanks for your reactions.

Brgrds


Mime
View raw message