From: Mike Jumper
Date: Wed, 27 Feb 2019 19:36:28 -0800
Subject: Re: Authentication Changes in 1.0.0
To: user@guacamole.apache.org

On Wed, Feb 27, 2019 at 7:16 PM Lee wrote:

> Auth Code: https://github.com/VTLee/guac-auth-ext
> ...
>
> Note how the second connection didn't even mention AuthenticationProvider --
> something bypassed that entire step (and there's no pathway that passes
> through getAuthorizedConfigurations that doesn't log a message). I have no
> way to alter this process within my extension anymore.

Nothing bypassed the step - your extension as written would have worked this way for all releases of Guacamole, including 0.9.14. The SimpleAuthenticationProvider class always caches the GuacamoleConfiguration instances returned by getAuthorizedConfigurations().

The authenticateUser() function is invoked only at the beginning of the user's session. Until the user logs out or their session expires (or they use a different machine/browser that isn't logged in), this will only be invoked once. After that point, the existing user will only be updated if the extension implements updateAuthenticatedUser(). Data associated with the session like connections, accessed via the UserContext returned by getUserContext(), will similarly only be updated if updateUserContext() is implemented.

> The intended functionality (that worked in 9.14) is for the user to be able
> to have several simultaneous connections to guacamole which route to
> different servers based on an initial cookie value which is used to lookup
> connection information (think: multiple tabs to different machines). The
> cookie is simply a one-time use primary key in a table that says the target
> machine info (host, port, protocol).

If you want the user's session to be updated when your cookie changes, you will need to write an extension which implements updateUserContext() to update the UserContext associated with their session with respect to that cookie.

I suspect that if you retest your extension with 0.9.14, you'll find that the behavior is unchanged, and the result of processing the cookie is still cached.

- Mike
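The updateUserContext() approach described in the message above, sketched as an added example; it is not part of the original email, of Lee's extension, or of the Guacamole project. It assumes the guacamole-ext 1.0.0 API; the cookie name GUAC_TARGET, the in-memory `pending` table (standing in for the one-time-key table) and `register()` are hypothetical. An unknown or already-used key grants nothing, and the rebuilt context contains only the newly selected connection.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.*;
import org.apache.guacamole.net.auth.simple.*;
import org.apache.guacamole.protocol.GuacamoleConfiguration;

public class CookieRoutedProvider extends SimpleAuthenticationProvider {

    private static final String COOKIE_NAME = "GUAC_TARGET"; // assumed name

    // Hypothetical stand-in for the database table of one-time keys.
    private final Map<String, GuacamoleConfiguration> pending = new ConcurrentHashMap<>();

    public void register(String key, GuacamoleConfiguration config) {
        pending.put(key, config);
    }

    @Override
    public String getIdentifier() { return "cookie-routed"; }

    // SimpleAuthenticationProvider calls this when the session is created.
    @Override
    public Map<String, GuacamoleConfiguration> getAuthorizedConfigurations(
            Credentials credentials) throws GuacamoleException {
        HttpServletRequest request = credentials.getRequest();
        Cookie[] cookies = (request == null) ? null : request.getCookies();
        if (cookies == null) return null;        // no cookie: not authorized
        for (Cookie cookie : cookies) {
            if (!COOKIE_NAME.equals(cookie.getName())) continue;
            // remove() consumes the key, so a replayed cookie finds nothing.
            GuacamoleConfiguration config = pending.remove(cookie.getValue());
            if (config == null) return null;     // unknown or used key
            // Fixed identifier: the secret key is not reused as a name.
            return Collections.singletonMap("target", config);
        }
        return null;
    }

    // Invoked for later authentication requests within an existing session.
    @Override
    public UserContext updateUserContext(UserContext context,
            AuthenticatedUser authenticatedUser, Credentials credentials)
            throws GuacamoleException {
        Map<String, GuacamoleConfiguration> configs = getAuthorizedConfigurations(credentials);
        if (configs == null) return context;     // nothing valid: session unchanged
        return new SimpleUserContext(this, authenticatedUser.getIdentifier(), configs);
    }
}
```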