guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Authentication Changes in 1.0.0
Date Mon, 04 Mar 2019 23:34:23 GMT
On Mon, Mar 4, 2019 at 2:32 PM Lee <ldoughty@vt.edu> wrote:

> Thanks Nick and Mike.
>
> The change ended up being on the front end & connection to the
> authentication module. We were destroying the users cookie if they tried to
> re-connect. With the changes to have that information in local storage,
> that
> broke our authentication process before it started. I suppose we'll have to
> see if deleting the local storage objects as well now will work.


I wouldn't recommend destroying local storage objects as a means of
achieving this. You old solution (destroying the user's cookie) is built
upon a workaround which actively fights the internals of the webapp, and so
will be brittle. You should instead look to a solution which is built upon
(not against) what's provided.

The extension API allows for user data to be derived dynamically (see
previous emails in this thread), including based on changes to the request
like the cookie that your system generates. I recommend leveraging that
aspect of the API to achieve what it's designed to do.

You might additionally look into using the anonymous username for your
users on the Guacamole side:

http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticatedUser.html#ANONYMOUS_IDENTIFIER

The anonymous user has different semantics and will not persist the auth
token:

https://github.com/apache/guacamole-client/blob/5ce0c0f0358096d87e19c7decdb4d6dfd21aeff5/guacamole/src/main/webapp/app/auth/service/authenticationService.js#L118-L120

- Mike

Mime
View raw message