guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul A <p...@thissolution.com>
Subject RE: Sending private-key in json (using API to open session)
Date Wed, 01 May 2019 23:44:05 GMT
Hi Mike



I just looked at the logs, and I have not been seeing that error for the
last 2 days of testing, I am just seeing this each time I test:

12:48:53.606 [http-nio-8080-exec-33] INFO
o.a.g.r.auth.AuthenticationService - User "user" successfully authenticated
from [X.X.X.X, 172.19.198.2].

12:49:07.126 [http-nio-8080-exec-47] INFO
o.a.g.tunnel.TunnelRequestService - User "user" connected to connection
"paul".



I see the first line of the log when it connects – and I see this in the
web page:

[image: cid:image001.png@01D500CB.94036830]



Then then doesn’t matter what I enter, it disconnects the web page and I
get the error message on the web page, and then I see the next line in the
log file.



More then happy to deploy a docker stack of guacamole for you to jump in,
if required, or is this now a different issue?







*From:* Mike Jumper [mailto:mjumper@apache.org]
*Sent:* Thursday, 2 May 2019 5:32 AM
*To:* user@guacamole.apache.org
*Subject:* Re: Sending private-key in json (using API to open session)



On Wed, May 1, 2019 at 5:42 AM Paul A <paul@thissolution.com> wrote:

Hi Mike



Thanks for getting back to me, appreciate it.



I have put \n at the end of each line – and confirmed with 3 online JSON
validators that its valid JSON. Yet its still not working- keeps asking for
passphrase key.



The issue isn’t the JSON being generated, at the moment I am manually doing
it to confirm its working, and then passing it through your encrypt-json.sh
script to get the output and put that into https://<GACAMOLE>/#/?tokens
<https://contactmonkey.com/api/v1/tracker?cm_session=46fe7273-d1c3-4014-b978-7cbacdfed80a&cm_type=link&cm_link=b887b031-2383-4502-a982-527ac550b1de&cm_destination=https://%3cGACAMOLE%3e/#/?tokens>
to get the token, then passing it to https://<GACAMOLE>/#/?token=
<https://contactmonkey.com/api/v1/tracker?cm_session=46fe7273-d1c3-4014-b978-7cbacdfed80a&cm_type=link&cm_link=e92dd8c9-8b90-4ca6-87d2-8aec2f36814d&cm_destination=https://%3cGACAMOLE%3e/#/?token=>
to
load the page. I am doing it this way to make sure it all works – and doing
this exact thing with using a json that doesn’t have a key, but has a
password works. An ssh’ing into the client machine from this exact server
while passing this rsa_dsa key (via the ssh –I RSA_DSA file) also works
(doenst ask for a password).



So from this, I know the key works using ssh directly, and I know the API
works, and the json file format works when not using a multi line key. But
adding the 2 together fails.



So I am stuck and frustrated as to where else I can look to a resolution.



If you are still seeing:



"ERROR o.g.g.auth.json.user.UserDataService - Received JSON is invalid:
Unexpected character ('-' (code 45)) in numeric value: expected digit (0-9)
to follow minus sign, for valid numeric value at [Source:
java.io.StringReader@32408e9d; line: 1, column: 3]"



Then the only possibility really is that the JSON is invalid. We can take a
look at the JSON, etc., but we would of course need the full JSON. I'd
suggest:



1) Setting up a temporary user on an isolated system with a private key
that you wouldn't mind sending verbatim to a mailing list

2) Encrypting, etc. the JSON with a new, temporary key for
guacamole-auth-json that you will use only for this test

3) Reproduce the problem with the above

4) Send the error(s), the data that you sent to the token service producing
those errors, and the shared key used to encrypt the JSON here.



That would be enough to take a look. Without that, all I can really do is
look at the error that says "JSON is invalid" and say "yep, your JSON is
invalid."



- Mike



[image:
https://contactmonkey.com/api/v1/tracker?cm_session=2fffb282-bfe4-4b10-9053-2daf099935ed&cm_type=open&cm_user_email=paul@thissolution.com]

Mime
View raw message