guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Authentication Changes in 1.0.0
Date Thu, 28 Feb 2019 03:36:28 GMT
On Wed, Feb 27, 2019 at 7:16 PM Lee <ldoughty@vt.edu> wrote:

> Auth Code: https://github.com/VTLee/guac-auth-ext
> ...
>

> Note how the second connection didn't even mention AuthenticationProvider
> --
> something bypassed that entire step (and there's no pathway that passes
> through getAuthorizedConfigurations that doesn't log a message). I have no
> way to alter this process within my extension anymore.
>
>
Nothing bypassed the step - your extension as written would have worked
this way for all releases of Guacamole, including 0.9.14. The
SimpleAuthenticationProvider class always caches the GuacamoleConfiguration
instances returned by getAuthorizedConfigurations().

The authenticateUser() function is invoked only at the beginning of the
user's session. Until the user logs out or their session expires (or they
use a different machine/browser that isn't logged in), this will only be
invoked once. After that point, the existing user will only be updated if
the extension implements updateAuthenticatedUser(). Data associated with
the session like connections, accessed via the UserContext returned by
getUserContext(), will similarly only be updated if updateUserContext() is
implemented.


> The intended functionality (that worked in 9.14) is for the user to be able
> to have several simultaneous connections to guacamole which route to
> different servers based on an initial cookie value which is used to lookup
> connection information (think: multiple tabs to different machines). The
> cookie is simply a one-time use primary key in a table that says the target
> machine info (host, port, protocol).
>

If you want the user's session to be updated when your cookie changes, you
will need to write an extension which implements updateUserContext() to
update the UserContext associated with their session with respect to that
cookie.

I suspect that if you retest your extension with 0.9.14, you'll find that
the behavior is unchanged, and the result of processing the cookie is still
cached.

- Mike

Mime
View raw message