guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Sending private-key in json (using API to open session)
Date Tue, 30 Apr 2019 17:25:46 GMT
Hi Paul,

Ultimately, you will need to ensure the JSON is valid JSON. The issue
you're seeing is not due to something specific to Guacamole - you're simply
getting low-level parse errors because the JSON is invalid. It's difficult
to see where exactly the failure lies in the censored JSON snippet, but
overall:

1. Make sure you do not have line breaks within the string. You can have
newlines within a string value, but these need to be represented as "\n".
You don't need to use Windows-style "\r\n" - "\n" will do.
2. Make sure you have not accidentally entered a double-quote within the
string which would cause the string to end and the rest of its value to be
interpreted as raw JSON. I don't believe the private key value would ever
normally have such a character in it, but the solution if it were needed
would be to backslash escape it. The same goes for other characters that
JSON would assign special meaning to within strings, like backslashes
themselves.

If you still see JSON parse failures after this, I suggest opening things
up in a text editor which will not wrap lines, so you can easily tell
whether your private key line still contains line breaks. You might also
try pasting the JSON into a JSON validator, which might give help you find
the specific part in your file that is failing.

If you will be programmatically generating the JSON in practice, the JSON
library you use should take care of automatically and correctly escaping
string values.

- Mike


On Tue, Apr 30, 2019 at 4:36 AM Paul A <paul@thissolution.com> wrote:

> Hi
>
>
>
> Does anyone have any ideas on storing the private-key in the json, that
> Guacamole can actually read?
>
>
>
> Thanks
>
>
>
> Paul
>
> -------------------------------------------------------------
>
>
>
> Hi
>
>
>
> Thanks for replying quickly. What about the encoding of the data, and
> encrypting it with the key? Before you can send data to that URL (same as
> what we send ours to), you need to do those 2 things, which is done as an
> example with the encrypt-json.sh file (provided by Mike)
>
>
>
>
>
>
>
> I gave it a go though I tired to just put some data and got this in
> postman:
>
>
>
>
>
> {
>
>     "message": "Permission denied.",
>
>     "translatableMessage": {
>
>         "key": "Permission denied.",
>
>         "variables": null
>
>     },
>
>     "statusCode": null,
>
>     "expected": [],
>
>     "type": "INVALID_CREDENTIALS"
>
> }
>
>
>
> And this in the log file:
>
> [http-nio-8080-exec-20] WARN  o.a.g.r.auth.AuthenticationService -
> Authentication attempt from [ 172.19.198.2] for user "paul" failed.
>
>
>
>
>
> -----Original Message-----
>
> From: sciUser [mailto:shulbert@securitycentric.net
> <shulbert@securitycentric.net>]
>
> Sent: Friday, 26 April 2019 5:10 PM
>
> To: user@guacamole.apache.org
>
> Subject: Re: Sending private-key in json (using API to open session)
>
>
>
> How we do it:
>
>
>
> We use curl to post :
>
> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d
> 'username=SOMEUSERNAME&password=SOMEPASSWORD'
>
> https://<Guacamole>/guacamole/api/tokens
> <https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=link&cm_link=c818cd5d-b25c-4fec-afa4-d67dd9b3d0ab&cm_destination=https://%3cGuacamole%3e/guacamole/api/tokens>
>
>
>
> This will generate a one time token for that user to login with then it
> will expire, but the connection will remain as long as the session is
> active in the browser.  The return/redirect link should look like this:
>
>
>
>
> https://<Guacamole>/guacamole/#/client/?token=5AD2069FD0F6788848BBE23B6095816EA2B5CEBB1EF07F76051010E050C70063
> <https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=link&cm_link=9105440c-d4a3-4c88-bdd0-a97ba09f2b4f&cm_destination=https://%3cGuacamole%3e/guacamole/#/client/?token=5AD2069FD0F6788848BBE23B6095816EA2B5CEBB1EF07F76051010E050C70063>
>
>
>
> Our Provisioning system does all this on the fly and manages Guacamole
> directly.
>
>
>
> Hope this helps.
>
>
>
> Thank You
>
>
>
>
>
>
>
>
>
>
>
> --
>
> Sent from:
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
> <https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=link&cm_link=b4107129-2a40-41e2-89d3-541d2a56013e&cm_destination=http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/>
>
> [image:
> https://contactmonkey.com/api/v1/tracker?cm_session=769b01d0-077b-4977-a792-41bffa59bad0&cm_type=open&cm_user_email=paul@thissolution.com]
>

Mime
View raw message