guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lee <ldoug...@vt.edu>
Subject Re: Authentication Changes in 1.0.0
Date Thu, 28 Feb 2019 03:16:18 GMT
Auth Code: https://github.com/VTLee/guac-auth-ext

What I see: Only the first cookie matters. If I try to re-connect later, I
see no `logger.info()` messages that I used to see in
`getAuthorizedConfigurations`. It simply goes right into the previous
connection


Here's what I see in logs; First connection:
21:06:13.893 [http-nio-8080-exec-4] INFO myorg.ext.AuthenticationProvider -
Authenticated '9f263271-720c-4ec3-8df9-3342ed1cb059' to access the access
point: rdp://10.1.41.16:3389
21:06:13.913 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService
- User "9f263271-720c-4ec3-8df9-3342ed1cb059" successfully authenticated
from [10.1.1.14, 10.1.6.31].
21:06:14.373 [http-nio-8080-exec-15] INFO o.a.g.environment.LocalEnvironment
- GUACAMOLE_HOME is "/root/.guacamole".
21:06:14.436 [http-nio-8080-exec-15] INFO o.a.g.tunnel.TunnelRequestService
- User "9f263271-720c-4ec3-8df9-3342ed1cb059" connected to connection
"2c28b2f6-156a-4f84-bbaa-7becffb92f00/ac454c62-387f-44aa-b129-352b6fce6d8d/012a5617-00aa-430c-9915-5e92e91b4d70".
21:06:20.856 [http-nio-8080-exec-12] INFO o.a.g.tunnel.TunnelRequestService
- User "9f263271-720c-4ec3-8df9-3342ed1cb059" disconnected from connection
"2c28b2f6-156a-4f84-bbaa-7becffb92f00/ac454c62-387f-44aa-b129-352b6fce6d8d/012a5617-00aa-430c-9915-5e92e91b4d70".
Duration: 6416 milliseconds

Connection with different cookie passed in (which the service would look up
and realize is a different server):
21:06:22.867 [http-nio-8080-exec-13] INFO o.a.g.environment.LocalEnvironment
- GUACAMOLE_HOME is "/root/.guacamole".
21:06:22.879 [http-nio-8080-exec-13] INFO o.a.g.tunnel.TunnelRequestService
- User "9f263271-720c-4ec3-8df9-3342ed1cb059" connected to connection
"2c28b2f6-156a-4f84-bbaa-7becffb92f00/ac454c62-387f-44aa-b129-352b6fce6d8d/012a5617-00aa-430c-9915-5e92e91b4d70".
21:06:24.541 [http-nio-8080-exec-12] INFO o.a.g.tunnel.TunnelRequestService
- User "9f263271-720c-4ec3-8df9-3342ed1cb059" disconnected from connection
"2c28b2f6-156a-4f84-bbaa-7becffb92f00/ac454c62-387f-44aa-b129-352b6fce6d8d/012a5617-00aa-430c-9915-5e92e91b4d70".
Duration: 1662 milliseconds

Note how the second connection didn't even mention AuthenticationProvider --
something bypassed that entire step (and there's no pathway that passes
through getAuthorizedConfigurations that doesn't log a message). I have no
way to alter this process within my extension anymore.


The intended functionality (that worked in 9.14) is for the user to be able
to have several simultaneous connections to guacamole which route to
different servers based on an initial cookie value which is used to lookup
connection information (think: multiple tabs to different machines). The
cookie is simply a one-time use primary key in a table that says the target
machine info (host, port, protocol).




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message