guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: Connect user to runtime created instances.
Date Sat, 02 Feb 2019 18:27:46 GMT
On Sat, Feb 2, 2019 at 6:37 AM Nick Couchman <> wrote:
> On Sat, Feb 2, 2019 at 6:54 AM Mr X0rcist <> wrote:
>> Hi ,
>> I am trying to achieve the following:
>> When a user authenticates to the Guacamole I need to spin up new docker image running
VNC and connect user to it.
>> Note, all users are accessing same application hence one docker image . However,
no image is running before user logs on.
>> 1)What I am trying to figure it out is how to run trigger starting new docker image
as soon as user successfully authenticated by Guacamole's local database.
>> 2)and connect authenticated user to that newly created instance (don't want it to
connect it to other users's instance)
>> Last, docker instance will be killed/removed once user logs off
>> Would appreciate if one can give me some hints being n00b to it.
> There's not a currently implemented method for this, but off the bat I would say that
implementing an Event Listener extension is probably the best way to go.  These allow you
to act on and even intercept the following events:
> - User Logon
> - User Logoff
> - Tunnel Connect
> - Tunnel Close
> Based on your use case, you might actually need to implement an extension that does both
event listening/handling, and authentication - you'll probably need to do something like this:
> - Catch User Logon event
> - Determine parameters for the connection (port, IP, etc.)
> - Start Docker instance with the determined parameters
> - Determine that the instance is running/ready
> - Create/start a connection to the instance
> All of this should be doable, but, again, it is not currently implemented, so it will
take some Java programming to get it done.  You can find documentation on the Event Listeners,
including an example implementation, here:

Extensions are definitely the way to achieve this. Rather than event
listeners, I'd suggest writing an AuthenticationProvider which
provides a UserContext (via getUserContext()) which provides a single
connection, generated dynamically, and handles spinning up / tearing
down the instance internally, either through the lifecycle of the
UserContext or of the connection. Your AuthenticationProvider can
delegate authentication to any other extension, including the
database, as long as it accepts the AuthenticatedUser received by

- Mike

View raw message