From user-return-4843-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org  Fri Dec 14 07:38:43 2018
Return-Path: <user-return-4843-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 967D7180645
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 14 Dec 2018 07:38:42 +0100 (CET)
Received: (qmail 2212 invoked by uid 500); 14 Dec 2018 06:38:41 -0000
Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@guacamole.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@guacamole.apache.org>
List-Post: <mailto:user@guacamole.apache.org>
List-Id: <user.guacamole.apache.org>
Reply-To: user@guacamole.apache.org
Delivered-To: mailing list user@guacamole.apache.org
Received: (qmail 2202 invoked by uid 99); 14 Dec 2018 06:38:41 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2018 06:38:41 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id F0896C05CB
	for <user@guacamole.apache.org>; Fri, 14 Dec 2018 06:38:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.201
X-Spam-Level:
X-Spam-Status: No, score=-0.201 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=argosnet.com;
	domainkeys=pass (1024-bit key) header.from=B3r3n@argosnet.com
	header.d=argosnet.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id 1Sh98Q-49fST for <user@guacamole.apache.org>;
	Fri, 14 Dec 2018 06:38:39 +0000 (UTC)
Received: from mx.argosnet.com (ns.argosnet.com [37.59.226.0])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id F380162346
	for <user@guacamole.apache.org>; Fri, 14 Dec 2018 06:38:38 +0000 (UTC)
Received: from mx.argosnet.com (ns.argosnet.com [37.59.226.0])
	by mx.argosnet.com (Postfix) with ESMTP id 62249B5079
	for <user@guacamole.apache.org>; Fri, 14 Dec 2018 07:38:38 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=argosnet.com; h=message-id
	:in-reply-to:references:date:subject:from:to:mime-version
	:content-type:content-transfer-encoding; s=mx; bh=UZf8rqK4JpY9DO
	kvJ4ZxsuUSJ7U=; b=CfUzgUfY59Pb8SNqNNnOK+dLqzswhL16DnDmCvxSk2EGb0
	nlUOeOd2kH4UEtn0r4tQV3PE5gSUzjCyZCOFy+hAFdFec5f4/mtg6rIa8S0HL4d3
	IP12W4QDnpYQodudBf19pgI0IlHsxVoUg/NAlNDVEdCJEFtKfm55dwd2BiNvo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=argosnet.com; h=message-id
	:in-reply-to:references:date:subject:from:to:mime-version
	:content-type:content-transfer-encoding; q=dns; s=mx; b=dJu5ksLC
	73UMQFHRACWHUwWPQ9Qkl+XwmMNAwy6nDzATLw0m4QXHiTlyRd6jKHM14Vdux+8n
	YMKvaV76/mdk43WYfpWnxzvr79v3JdVWoOlm2Lqnh1kOzJQWQINPhSyE0wg7UdYw
	VdM6+24bdt6gnM/wXnOUg+3arUP4uz7zoks=
Received: from wm.argosnet.com (ns.argosnet.com [37.59.226.0])
	(Authenticated sender: llevier@pop.argosnet.com)
	by mx.argosnet.com (Postfix) with ESMTPA id 42BB6B5049
	for <user@guacamole.apache.org>; Fri, 14 Dec 2018 07:38:38 +0100 (CET)
Received: from 57.66.185.161
        (SquirrelMail authenticated user llevier)
        by wm.argosnet.com with HTTP;
        Fri, 14 Dec 2018 07:38:38 +0100
Message-ID: <b6b22de0ee2fde55c30417c11acd38a2.squirrel@wm.argosnet.com>
In-Reply-To:
 <CAFjj6016bd4UJY70xoh3A1Jh=2ibrnGP3d8amkjut5G9Yq0nhg@mail.gmail.com>
References: <c8ccad8f6d9452d2a90bdd56cf79682b.squirrel@wm.argosnet.com>
    <CALKeL-M1arX-vq80mzu-buOY4frE4uE=hS2kX_u7iFygKD4Mpg@mail.gmail.com>
    <CALKeL-OUdYLiQcogjEqd49uqACRnXek_y-8w9rLvodwZTev33Q@mail.gmail.com>
    <5c12afaf.1c69fb81.67c93.33f3SMTPIN_ADDED_MISSING@mx.google.com>
    <CALKeL-OEWM12TguUEcDB0pn0Tcz9_0CoQ0mznymbEPfJAwi+kg@mail.gmail.com>
    <CAFjj6016bd4UJY70xoh3A1Jh=2ibrnGP3d8amkjut5G9Yq0nhg@mail.gmail.com>
Date: Fri, 14 Dec 2018 07:38:38 +0100
Subject: Re: Guacamole & OpenID
From: "B3r3n" <B3r3n@argosnet.com>
To: user@guacamole.apache.org
User-Agent: SquirrelMail/1.4.23 [SVN]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable

Hello Nick,

>>
>> The path forward to implement that for OpenID is fairly clear - it
>> would just need to be done. I don't know what would need to be done
>> for the generic header authentication, where there's no standard
>> defining how logout should be signaled to the IDP.
>>
>
> For the header module, we could add a header-logout-url parameter that
> could be configured to take the user to a URL that would log them out o=
f
> whatever session generated the header?  This kind of kicks the problem =
of
> how the header logout is accomplished out of the Guacamole realm and ov=
er
> to whatever login system is generating the header.
That would just be perfect. This matchines my request from 2 weeks ago.
DELETE token being replaced by https://oidc/logout URL will remove the he=
ader
and thus no more access on Guacamole, even if user keeps seeing menues et=
c.
Maybe also another point: upon auth-header module + not the required vari=
able,
block user to the Guacamole login page, not permitting login, just with a
simple message as "Authentication required" ?

Thanks

Brgrds

>
> -Nick
>
>
>