You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Prashant K <pr...@agreeya.com> on 2020/08/31 09:00:50 UTC
guacamole-auth-json is not working
Hello All,
I am new to Guacamole and recently installed it on Linux debian 4.19
Its GUI is working fine with the credentials in the Usermapping.xml and now I am trying to use the guacamole-auth-json.
I have followed the steps mentioned at https://github.com/glyptodon/guacamole-auth-json and checking the Reference implementation first.
But when I am posting the data to the Rest API using curl it is failing with below error:
root@debian:~# curl --data-urlencode "data=Bbg91V2NX0yUFc/fq1pl8e+mwg10qSWSRT5AmJWERt+ctO+jNy0sE96knvgD6HwU5EoV0lIfgrCzXi3qMRWmw2QDxBKjGuB8qIiHFasvoAOMLTgrlzdeqicQu2LJoOCVZErDLp/mpc0VaiAL3zuT+fOVphEQ0igNqMCaMlNMzkUQW6UPLoXYG+ouo5jvdK/0asydMjJKt797+Sl+Ir1+wK9flKpQgRxLac/MXwR5X7jPKqrlH5eTCG6s0MVEDG+ejNis3Mwow4jjpE5u6a+7e1R7tct9MIgUmNtcq/4b+APz6h2Fb9zQLzOgrycmiGlV4N1vfmGMNQEAqpRPPaQX8hun0LBNHYLAa2kwpHg8LxCDsIuYAFpVJeScm1kdWol6byq1GJx9gjauazTuwaMYGg72EjImVdqjsG96+ceNDjOdJwkL4gu32Az1Dxap7Er6PECMzcCpP61ItEvBkRYkQg==" http://10.9.31.33:8080/guacamole/api/tokens
{"message":"Permission Denied.","translatableMessage":{"key":"Permission Denied.","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}root@debian:~
Please suggest where to look into to resolve this issue?
Regards,
Prashant
RE: guacamole-auth-json is not working
Posted by Adrian Owen <ad...@eesm.com>.
Please paste your connection JSON, I can check it.
Adrian
From: Prashant K [mailto:prashant.k@agreeya.com]
Sent: 31 August 2020 10:01
To: user@guacamole.apache.org
Subject: guacamole-auth-json is not working
Hello All,
I am new to Guacamole and recently installed it on Linux debian 4.19
Its GUI is working fine with the credentials in the Usermapping.xml and now I am trying to use the guacamole-auth-json.
I have followed the steps mentioned at https://github.com/glyptodon/guacamole-auth-json and checking the Reference implementation first.
But when I am posting the data to the Rest API using curl it is failing with below error:
root@debian:~# curl --data-urlencode "data=Bbg91V2NX0yUFc/fq1pl8e+mwg10qSWSRT5AmJWERt+ctO+jNy0sE96knvgD6HwU5EoV0lIfgrCzXi3qMRWmw2QDxBKjGuB8qIiHFasvoAOMLTgrlzdeqicQu2LJoOCVZErDLp/mpc0VaiAL3zuT+fOVphEQ0igNqMCaMlNMzkUQW6UPLoXYG+ouo5jvdK/0asydMjJKt797+Sl+Ir1+wK9flKpQgRxLac/MXwR5X7jPKqrlH5eTCG6s0MVEDG+ejNis3Mwow4jjpE5u6a+7e1R7tct9MIgUmNtcq/4b+APz6h2Fb9zQLzOgrycmiGlV4N1vfmGMNQEAqpRPPaQX8hun0LBNHYLAa2kwpHg8LxCDsIuYAFpVJeScm1kdWol6byq1GJx9gjauazTuwaMYGg72EjImVdqjsG96+ceNDjOdJwkL4gu32Az1Dxap7Er6PECMzcCpP61ItEvBkRYkQg==" http://10.9.31.33:8080/guacamole/api/tokens
{"message":"Permission Denied.","translatableMessage":{"key":"Permission Denied.","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}root@debian:~
Please suggest where to look into to resolve this issue?
Regards,
Prashant
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Hello Friends,
I am trying to use the guacamole-auth-json in the C# code, but the signing using the HMAC (-sha256 -mac HMAC) seems to be giving different results than the one obtained from the encrypt-json.sh
I am pasting the sample C# code:
public class MyHmac
{
static void CreateToken(string message, string secret)
{
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
using (var hmacsha256 = new HMACSHA256(keyByte))
{
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
Console.WriteLine("Base64 String: " + Convert.ToBase64String(hashmessage));
Console.ReadLine();
}
}
static void Main(string[] args)
{
// Secret Key same as in the Guacamole properties
const string secret_key = "4c0b569e4c96df157eee1b65dd0e4d41";
string json_data = System.IO.File.ReadAllText(@"D:\QCAP\Guacamole\json1.txt");
CreateToken(json_data, secret_key);
}
}
To match the logic I am only using sign() function and commented the encrypt() function in the encrypt-json.sh file and removed binary parameter from the sign function but the output is still different.
Output from encrypt-json.sh:
Base64 String: udV2lZWy669GwqRLVjGQ6ue9t9q+5BCS65G6x+I6h7w=
Output from C# code:
HMAC-SHA256(authpwd.json)= 5ee6d6b014497be01754e3d16a5164c95d2246d92e640dc3931d8f8810799e79
Please suggest what is wrong here?
Regards,
Prashant
From: Prashant K
Sent: Wednesday, September 2, 2020 12:45 AM
To: user@guacamole.apache.org
Subject: RE: guacamole-auth-json is not working
Thanks a ton Nick, you made my day ☺
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>>
Sent: Wednesday, September 2, 2020 12:28 AM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: Re: guacamole-auth-json is not working
On Tue, Sep 1, 2020 at 2:49 PM Prashant K <pr...@agreeya.com>> wrote:
Here:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/guacamole-auth-json-Questions-td3214.html
Mike you replied in above thread:
If you mean you are providing JSON like:
{
'username' : 'foo',
'password' : 'bar
}
this is not working because it is invalid. There is no password property:
You are confusing JSON authentication module properties with connection parameters. You would do something like this:
{
"username" : "administrator",
"expires" : "1599764011",
"connections" : {
"SQLDB" : {
"protocol" : "rdp",
"parameters" : {
"hostname" : "10.9.31.85",
"ignore-cert" : "true",
"port" : "3389",
"username" : "windowsuser",
"password" : "SuperSecretPassword"
}
}
}
}
The first "username" field is the username for Guacamole; the second username field and matching password field is the connection parameter. Guacamole username is not the same as the connection username/password.
-Nick
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Thanks a ton Nick, you made my day ☺
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>
Sent: Wednesday, September 2, 2020 12:28 AM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
On Tue, Sep 1, 2020 at 2:49 PM Prashant K <pr...@agreeya.com>> wrote:
Here:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/guacamole-auth-json-Questions-td3214.html
Mike you replied in above thread:
If you mean you are providing JSON like:
{
'username' : 'foo',
'password' : 'bar
}
this is not working because it is invalid. There is no password property:
You are confusing JSON authentication module properties with connection parameters. You would do something like this:
{
"username" : "administrator",
"expires" : "1599764011",
"connections" : {
"SQLDB" : {
"protocol" : "rdp",
"parameters" : {
"hostname" : "10.9.31.85",
"ignore-cert" : "true",
"port" : "3389",
"username" : "windowsuser",
"password" : "SuperSecretPassword"
}
}
}
}
The first "username" field is the username for Guacamole; the second username field and matching password field is the connection parameter. Guacamole username is not the same as the connection username/password.
-Nick
Re: guacamole-auth-json is not working
Posted by Nick Couchman <vn...@apache.org>.
On Tue, Sep 1, 2020 at 2:49 PM Prashant K <pr...@agreeya.com> wrote:
> Here:
>
>
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/guacamole-auth-json-Questions-td3214.html
>
>
>
> Mike you replied in above thread:
>
> If you mean you are providing JSON like:
>
>
>
> {
>
> 'username' : 'foo',
>
> 'password' : 'bar
>
> }
>
>
>
> this is not working because it is invalid. There is no password property:
>
>
>
You are confusing JSON authentication module properties with connection
parameters. You would do something like this:
{
"username" : "administrator",
"expires" : "1599764011",
"connections" : {
"SQLDB" : {
"protocol" : "rdp",
"parameters" : {
"hostname" : "10.9.31.85",
"ignore-cert" : "true",
"port" : "3389",
"username" : "windowsuser",
"password" : "SuperSecretPassword"
}
}
}
}
The first "username" field is the username for Guacamole; the second
username field and matching password field is the connection parameter.
Guacamole username is not the same as the connection username/password.
-Nick
>
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Here:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/guacamole-auth-json-Questions-td3214.html
Mike you replied in above thread:
If you mean you are providing JSON like:
{
'username' : 'foo',
'password' : 'bar
}
this is not working because it is invalid. There is no password property:
Regards,
Prashant
From: Mike Jumper <mj...@apache.org>
Sent: Wednesday, September 2, 2020 12:08 AM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
On Tue, Sep 1, 2020, 11:09 Prashant K <pr...@agreeya.com>> wrote:
Thanks you Nick, with the proper syntax I am able to connect to the windows RDP using JSON.
My next question is how I can embed windows login password in the token, because I have read somewhere that password parameter is not supported in the JSON.
Where?
The parameters are just string name/value pairs. You can specify any connection parameter, regardless of whether its name is "password".
- Mike
Re: guacamole-auth-json is not working
Posted by Mike Jumper <mj...@apache.org>.
On Tue, Sep 1, 2020, 11:09 Prashant K <pr...@agreeya.com> wrote:
> Thanks you Nick, with the proper syntax I am able to connect to the
> windows RDP using JSON.
>
> My next question is how I can embed windows login password in the token,
> because I have read somewhere that password parameter is not supported in
> the JSON.
>
Where?
The parameters are just string name/value pairs. You can specify any
connection parameter, regardless of whether its name is "password".
- Mike
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Thanks you Nick, with the proper syntax I am able to connect to the windows RDP using JSON.
My next question is how I can embed windows login password in the token, because I have read somewhere that password parameter is not supported in the JSON.
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>
Sent: Tuesday, September 1, 2020 5:55 PM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
On Tue, Sep 1, 2020 at 7:20 AM Prashant K <pr...@agreeya.com>> wrote:
I see following in the syslogs:
Sep 1 03:14:14 debian systemd[1]: Started Session 53 of user root.
Sep 1 03:15:36 debian guacd[897]: Creating new client for protocol "rdp"
Sep 1 03:15:36 debian guacd[897]: Connection ID is "$df64bc90-f57d-419b-b06c-65ddaddd3e16"
Sep 1 03:15:36 debian guacd[6628]: No security mode specified. Defaulting to security mode negotiation with server.
Sep 1 03:15:36 debian guacd[6628]: Resize method: none
Sep 1 03:15:36 debian guacd[6628]: User "@756f9962-0528-43ac-81cd-f035a9f7c5a6" joined connection "$df64bc90-f57d-419b-b06c-65ddaddd3e16" (1 users now present)
Sep 1 03:15:36 debian guacd[6628]: Loading keymap "base"
Sep 1 03:15:36 debian guacd[6628]: Loading keymap "en-us-qwerty"
Sep 1 03:15:36 debian guacd[6628]: Certificate validation failed
Sep 1 03:15:36 debian guacd[6628]: Error connecting to RDP server
Sep 1 03:15:36 debian guacd[6628]: User "@756f9962-0528-43ac-81cd-f035a9f7c5a6" disconnected (0 users remain)
Sep 1 03:15:36 debian guacd[6628]: Last user of connection "$df64bc90-f57d-419b-b06c-65ddaddd3e16" disconnected
Sep 1 03:15:36 debian guacd[897]: Connection "$df64bc90-f57d-419b-b06c-65ddaddd3e16" removed.
Can you please send me a sample JSON with “ignore-cert” and “security” parameters?
The "ignore-cert" parameter should be in the "parameters" section of the JSON, not up in the top with the username/expires. ignore-cert is a connection parameter.
-Nick
Re: guacamole-auth-json is not working
Posted by Nick Couchman <vn...@apache.org>.
On Tue, Sep 1, 2020 at 7:20 AM Prashant K <pr...@agreeya.com> wrote:
> I see following in the syslogs:
>
> Sep 1 03:14:14 debian systemd[1]: Started Session 53 of user root.
>
> Sep 1 03:15:36 debian guacd[897]: Creating new client for protocol "rdp"
>
> Sep 1 03:15:36 debian guacd[897]: Connection ID is
> "$df64bc90-f57d-419b-b06c-65ddaddd3e16"
>
> Sep 1 03:15:36 debian guacd[6628]: No security mode specified. Defaulting
> to security mode negotiation with server.
>
> Sep 1 03:15:36 debian guacd[6628]: Resize method: none
>
> Sep 1 03:15:36 debian guacd[6628]: User
> "@756f9962-0528-43ac-81cd-f035a9f7c5a6" joined connection
> "$df64bc90-f57d-419b-b06c-65ddaddd3e16" (1 users now present)
>
> Sep 1 03:15:36 debian guacd[6628]: Loading keymap "base"
>
> Sep 1 03:15:36 debian guacd[6628]: Loading keymap "en-us-qwerty"
>
> Sep 1 03:15:36 debian guacd[6628]: Certificate validation failed
>
> Sep 1 03:15:36 debian guacd[6628]: Error connecting to RDP server
>
> Sep 1 03:15:36 debian guacd[6628]: User
> "@756f9962-0528-43ac-81cd-f035a9f7c5a6" disconnected (0 users remain)
>
> Sep 1 03:15:36 debian guacd[6628]: Last user of connection
> "$df64bc90-f57d-419b-b06c-65ddaddd3e16" disconnected
>
> Sep 1 03:15:36 debian guacd[897]: Connection
> "$df64bc90-f57d-419b-b06c-65ddaddd3e16" removed.
>
>
>
> Can you please send me a sample JSON with “*ignore-cert*” and “*security*”
> parameters?
>
The "ignore-cert" parameter should be in the "parameters" section of the
JSON, not up in the top with the username/expires. ignore-cert is a
connection parameter.
-Nick
>
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
I see following in the syslogs:
Sep 1 03:14:14 debian systemd[1]: Started Session 53 of user root.
Sep 1 03:15:36 debian guacd[897]: Creating new client for protocol "rdp"
Sep 1 03:15:36 debian guacd[897]: Connection ID is "$df64bc90-f57d-419b-b06c-65ddaddd3e16"
Sep 1 03:15:36 debian guacd[6628]: No security mode specified. Defaulting to security mode negotiation with server.
Sep 1 03:15:36 debian guacd[6628]: Resize method: none
Sep 1 03:15:36 debian guacd[6628]: User "@756f9962-0528-43ac-81cd-f035a9f7c5a6" joined connection "$df64bc90-f57d-419b-b06c-65ddaddd3e16" (1 users now present)
Sep 1 03:15:36 debian guacd[6628]: Loading keymap "base"
Sep 1 03:15:36 debian guacd[6628]: Loading keymap "en-us-qwerty"
Sep 1 03:15:36 debian guacd[6628]: Certificate validation failed
Sep 1 03:15:36 debian guacd[6628]: Error connecting to RDP server
Sep 1 03:15:36 debian guacd[6628]: User "@756f9962-0528-43ac-81cd-f035a9f7c5a6" disconnected (0 users remain)
Sep 1 03:15:36 debian guacd[6628]: Last user of connection "$df64bc90-f57d-419b-b06c-65ddaddd3e16" disconnected
Sep 1 03:15:36 debian guacd[897]: Connection "$df64bc90-f57d-419b-b06c-65ddaddd3e16" removed.
Can you please send me a sample JSON with “ignore-cert” and “security” parameters?
I am using below JSON which is failing:
{
"username" : "administrator",
"expires" : "1599764011",
"ignore-cert" : "true",
"connections" :
{
"SQLDB" :
{
"protocol" : "rdp",
"parameters" :
{
"hostname" : "10.9.31.85",
"port" : "3389",
}
}
}
}
Prashant K
+91-120-4394400 430 D | +91-7428905742 C
prashant.k@agreeya.com<ma...@agreeya.com>
[cid:image001.jpg@01D6807F.F6E987B0]<http://www.agreeya.com/>
AgreeYa Solutions | www.agreeya.com<http://www.agreeya.com/>
From: Mike Jumper <mj...@apache.org>
Sent: Tuesday, September 1, 2020 4:30 AM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
The message below indicates an orderly disconnect on the web application side. Given how brief that connection is, it looks like the underlying RDP connection has failed early in the connection process. You would need to check the guacd logs to see what might be going wrong there, but the cause is most likely incorrect connection parameters within your JSON.
- Mike
On Mon, Aug 31, 2020 at 12:17 PM Prashant K <pr...@agreeya.com>> wrote:
Hi Nick,
You are absolutely correct, guacd didn’t automatically started when I rebooted the server.
So the below error is resolved with guacd service start, but now it is throwing below error:
12:05:30.646 [http-nio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
12:05:30.784 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "administrator" connected to connection "BMC-CLONE".
Exception in thread "Thread-124" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
12:05:30.975 [http-nio-8080-exec-5] INFO o.a.g.tunnel.TunnelRequestService - User "administrator" disconnected from connection "BMC-CLONE". Duration: 189 milliseconds
12:05:30.976 [http-nio-8080-exec-5] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:430)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>>
Sent: Monday, August 31, 2020 7:47 PM
To: user@guacamole.apache.org<ma...@guacamole.apache.org>
Subject: Re: guacamole-auth-json is not working
On Mon, Aug 31, 2020 at 9:04 AM Prashant K <pr...@agreeya.com>> wrote:
Thanks for the prompt response guys.
I resolved the permission denied issue, the issue was json extension was not properly installed. I reinstalled the extension and now I can generate the token using curl command.
But when I use that token in the browser connection fails with below error in the Tomcat:
05:57:15.777 [http-nio-8080-exec-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
05:57:15.939 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
05:57:15.949 [http-nio-8080-exec-2] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114) ~[guacamole-common-1.1.0.jar:na]
at org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231) ~[na:na]
at org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195) ~[na:na]
at org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347) ~[classes/:na]
at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) ~[classes/:na]
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) ~[guacamole-common-1.1.0.jar:na]
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133) ~[tomcat-websocket.jar:9.0.36]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.36]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.36]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[na:na]
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403) ~[na:na]
at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100) ~[guacamole-common-1.1.0.jar:na]
... 15 common frames omitted
Please suggest.
Is guacd running and accessible?
-Nick
Re: guacamole-auth-json is not working
Posted by Mike Jumper <mj...@apache.org>.
The message below indicates an orderly disconnect on the web application
side. Given how brief that connection is, it looks like the underlying RDP
connection has failed early in the connection process. You would need to
check the guacd logs to see what might be going wrong there, but the cause
is most likely incorrect connection parameters within your JSON.
- Mike
On Mon, Aug 31, 2020 at 12:17 PM Prashant K <pr...@agreeya.com> wrote:
> Hi Nick,
>
> You are absolutely correct, guacd didn’t automatically started when I
> rebooted the server.
>
> So the below error is resolved with guacd service start, but now it is
> throwing below error:
>
>
>
> 12:05:30.646 [http-nio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket -
> Connecting to guacd at localhost:4822.
>
> 12:05:30.784 [http-nio-8080-exec-9] INFO
> o.a.g.tunnel.TunnelRequestService - User "administrator" connected to
> connection "BMC-CLONE".
>
> Exception in thread "Thread-124" java.lang.IllegalStateException: Message
> will not be sent because the WebSocket session has been closed
>
> 12:05:30.975 [http-nio-8080-exec-5] INFO
> o.a.g.tunnel.TunnelRequestService - User "administrator" disconnected from
> connection "BMC-CLONE". Duration: 189 milliseconds
>
> 12:05:30.976 [http-nio-8080-exec-5] DEBUG o.a.g.net.InetGuacamoleSocket -
> Closing socket to guacd.
>
> at
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:430)
>
> at
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
>
> at
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
>
> at
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
>
> at
> org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
>
> at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
>
> at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
>
> at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
>
>
>
> Regards,
>
> Prashant
>
> *From:* Nick Couchman <vn...@apache.org>
> *Sent:* Monday, August 31, 2020 7:47 PM
> *To:* user@guacamole.apache.org
> *Subject:* Re: guacamole-auth-json is not working
>
>
>
> On Mon, Aug 31, 2020 at 9:04 AM Prashant K <pr...@agreeya.com> wrote:
>
> Thanks for the prompt response guys.
>
> I resolved the permission denied issue, the issue was json extension was
> not properly installed. I reinstalled the extension and now I can generate
> the token using curl command.
>
>
>
> But when I use that token in the browser connection fails with below error
> in the Tomcat:
>
>
>
> 05:57:15.777 [http-nio-8080-exec-1] INFO
> o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
>
> 05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket -
> Connecting to guacd at localhost:4822.
>
> 05:57:15.939 [http-nio-8080-exec-2] ERROR
> o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to
> guacd failed: java.net.ConnectException: Connection refused (Connection
> refused)
>
> 05:57:15.949 [http-nio-8080-exec-2] DEBUG
> o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket
> tunnel.
>
> org.apache.guacamole.GuacamoleServerException: java.net.ConnectException:
> Connection refused (Connection refused)
>
> at
> org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114)
> ~[guacamole-common-1.1.0.jar:na]
>
> at
> org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231)
> ~[na:na]
>
> at
> org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195)
> ~[na:na]
>
> at
> org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96)
> ~[classes/:na]
>
> at
> org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216)
> ~[classes/:na]
>
> at
> org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347)
> ~[classes/:na]
>
> at
> org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
> ~[classes/:na]
>
> at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
> ~[guacamole-common-1.1.0.jar:na]
>
> at
> org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
> ~[tomcat-websocket.jar:9.0.36]
>
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914)
> ~[tomcat-coyote.jar:9.0.36]
>
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
> ~[tomcat-coyote.jar:9.0.36]
>
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> ~[tomcat-coyote.jar:9.0.36]
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[na:na]
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[na:na]
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-util.jar:9.0.36]
>
> at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
>
> Caused by: java.net.ConnectException: Connection refused (Connection
> refused)
>
> at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
> ~[na:na]
>
> at
> java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
> ~[na:na]
>
> at
> java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
> ~[na:na]
>
> at
> java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
> ~[na:na]
>
> at
> java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
> ~[na:na]
>
> at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
>
> at
> org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100)
> ~[guacamole-common-1.1.0.jar:na]
>
> ... 15 common frames omitted
>
>
>
> Please suggest.
>
>
>
>
>
> Is guacd running and accessible?
>
>
>
> -Nick
>
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Hi Nick,
You are absolutely correct, guacd didn’t automatically started when I rebooted the server.
So the below error is resolved with guacd service start, but now it is throwing below error:
12:05:30.646 [http-nio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
12:05:30.784 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "administrator" connected to connection "BMC-CLONE".
Exception in thread "Thread-124" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
12:05:30.975 [http-nio-8080-exec-5] INFO o.a.g.tunnel.TunnelRequestService - User "administrator" disconnected from connection "BMC-CLONE". Duration: 189 milliseconds
12:05:30.976 [http-nio-8080-exec-5] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:430)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>
Sent: Monday, August 31, 2020 7:47 PM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
On Mon, Aug 31, 2020 at 9:04 AM Prashant K <pr...@agreeya.com>> wrote:
Thanks for the prompt response guys.
I resolved the permission denied issue, the issue was json extension was not properly installed. I reinstalled the extension and now I can generate the token using curl command.
But when I use that token in the browser connection fails with below error in the Tomcat:
05:57:15.777 [http-nio-8080-exec-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
05:57:15.939 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
05:57:15.949 [http-nio-8080-exec-2] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114) ~[guacamole-common-1.1.0.jar:na]
at org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231) ~[na:na]
at org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195) ~[na:na]
at org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347) ~[classes/:na]
at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) ~[classes/:na]
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) ~[guacamole-common-1.1.0.jar:na]
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133) ~[tomcat-websocket.jar:9.0.36]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.36]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.36]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[na:na]
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403) ~[na:na]
at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100) ~[guacamole-common-1.1.0.jar:na]
... 15 common frames omitted
Please suggest.
Is guacd running and accessible?
-Nick
Re: guacamole-auth-json is not working
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Aug 31, 2020 at 9:04 AM Prashant K <pr...@agreeya.com> wrote:
> Thanks for the prompt response guys.
>
> I resolved the permission denied issue, the issue was json extension was
> not properly installed. I reinstalled the extension and now I can generate
> the token using curl command.
>
>
>
> But when I use that token in the browser connection fails with below error
> in the Tomcat:
>
>
>
> 05:57:15.777 [http-nio-8080-exec-1] INFO
> o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
>
> 05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket -
> Connecting to guacd at localhost:4822.
>
> 05:57:15.939 [http-nio-8080-exec-2] ERROR
> o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to
> guacd failed: java.net.ConnectException: Connection refused (Connection
> refused)
>
> 05:57:15.949 [http-nio-8080-exec-2] DEBUG
> o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket
> tunnel.
>
> org.apache.guacamole.GuacamoleServerException: java.net.ConnectException:
> Connection refused (Connection refused)
>
> at
> org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114)
> ~[guacamole-common-1.1.0.jar:na]
>
> at
> org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231)
> ~[na:na]
>
> at
> org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195)
> ~[na:na]
>
> at
> org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96)
> ~[classes/:na]
>
> at
> org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216)
> ~[classes/:na]
>
> at
> org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347)
> ~[classes/:na]
>
> at
> org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
> ~[classes/:na]
>
> at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
> ~[guacamole-common-1.1.0.jar:na]
>
> at
> org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
> ~[tomcat-websocket.jar:9.0.36]
>
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914)
> ~[tomcat-coyote.jar:9.0.36]
>
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
> ~[tomcat-coyote.jar:9.0.36]
>
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> ~[tomcat-coyote.jar:9.0.36]
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> ~[na:na]
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> ~[na:na]
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> ~[tomcat-util.jar:9.0.36]
>
> at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
>
> Caused by: java.net.ConnectException: Connection refused (Connection
> refused)
>
> at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
> ~[na:na]
>
> at
> java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
> ~[na:na]
>
> at
> java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
> ~[na:na]
>
> at
> java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
> ~[na:na]
>
> at
> java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
> ~[na:na]
>
> at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
>
> at
> org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100)
> ~[guacamole-common-1.1.0.jar:na]
>
> ... 15 common frames omitted
>
>
>
> Please suggest.
>
>
>
Is guacd running and accessible?
-Nick
>
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Thanks for the prompt response guys.
I resolved the permission denied issue, the issue was json extension was not properly installed. I reinstalled the extension and now I can generate the token using curl command.
But when I use that token in the browser connection fails with below error in the Tomcat:
05:57:15.777 [http-nio-8080-exec-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
05:57:15.939 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
05:57:15.949 [http-nio-8080-exec-2] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114) ~[guacamole-common-1.1.0.jar:na]
at org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231) ~[na:na]
at org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195) ~[na:na]
at org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347) ~[classes/:na]
at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) ~[classes/:na]
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) ~[guacamole-common-1.1.0.jar:na]
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133) ~[tomcat-websocket.jar:9.0.36]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.36]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.36]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[na:na]
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403) ~[na:na]
at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100) ~[guacamole-common-1.1.0.jar:na]
... 15 common frames omitted
Please suggest.
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>
Sent: Monday, August 31, 2020 3:53 PM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
On Mon, Aug 31, 2020 at 5:01 AM Prashant K <pr...@agreeya.com>> wrote:
Hello All,
I am new to Guacamole and recently installed it on Linux debian 4.19
Its GUI is working fine with the credentials in the Usermapping.xml and now I am trying to use the guacamole-auth-json.
I have followed the steps mentioned at https://github.com/glyptodon/guacamole-auth-json and checking the Reference implementation first.
But when I am posting the data to the Rest API using curl it is failing with below error:
root@debian:~# curl --data-urlencode "data=Bbg91V2NX0yUFc/fq1pl8e+mwg10qSWSRT5AmJWERt+ctO+jNy0sE96knvgD6HwU5EoV0lIfgrCzXi3qMRWmw2QDxBKjGuB8qIiHFasvoAOMLTgrlzdeqicQu2LJoOCVZErDLp/mpc0VaiAL3zuT+fOVphEQ0igNqMCaMlNMzkUQW6UPLoXYG+ouo5jvdK/0asydMjJKt797+Sl+Ir1+wK9flKpQgRxLac/MXwR5X7jPKqrlH5eTCG6s0MVEDG+ejNis3Mwow4jjpE5u6a+7e1R7tct9MIgUmNtcq/4b+APz6h2Fb9zQLzOgrycmiGlV4N1vfmGMNQEAqpRPPaQX8hun0LBNHYLAa2kwpHg8LxCDsIuYAFpVJeScm1kdWol6byq1GJx9gjauazTuwaMYGg72EjImVdqjsG96+ceNDjOdJwkL4gu32Az1Dxap7Er6PECMzcCpP61ItEvBkRYkQg==" http://10.9.31.33:8080/guacamole/api/tokens
{"message":"Permission Denied.","translatableMessage":{"key":"Permission Denied.","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}root@debian:~
Please suggest where to look into to resolve this issue?
From the page:
> If the data is invalid in any way, if the signature does not match, if decryption or signature verification fails, or if the submitted data has expired, the REST service will return an invalid credentials error and fail without user-visible explanation. Details describing the error that occurred will be in the Tomcat logs, however.
Mike can probably help a little more with this than I can, but I'd suggest looking at the Tomcat logs for your particular install and see what is being logged, there.
-Nick
RE: guacamole-auth-json is not working
Posted by Prashant K <pr...@agreeya.com>.
Thanks for the prompt response guys.
I resolved the permission denied issue, the issue was json extension was not properly installed. I reinstalled the extension and now I can generate the token using curl command.
But when I use that token in the browser connection fails with below error in the Tomcat:
05:57:15.777 [http-nio-8080-exec-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
05:57:15.930 [http-nio-8080-exec-2] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
05:57:15.939 [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
05:57:15.949 [http-nio-8080-exec-2] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:114) ~[guacamole-common-1.1.0.jar:na]
at org.glyptodon.guacamole.auth.json.connection.ConnectionService.connect(ConnectionService.java:231) ~[na:na]
at org.glyptodon.guacamole.auth.json.user.UserDataConnection.connect(UserDataConnection.java:195) ~[na:na]
at org.apache.guacamole.net.auth.Connectable.connect(Connectable.java:96) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216) ~[classes/:na]
at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347) ~[classes/:na]
at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) ~[classes/:na]
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) ~[guacamole-common-1.1.0.jar:na]
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133) ~[tomcat-websocket.jar:9.0.36]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:914) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-coyote.jar:9.0.36]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.36]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.36]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[na:na]
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[na:na]
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403) ~[na:na]
at java.base/java.net.Socket.connect(Socket.java:609) ~[na:na]
at org.apache.guacamole.net.InetGuacamoleSocket.<init>(InetGuacamoleSocket.java:100) ~[guacamole-common-1.1.0.jar:na]
... 15 common frames omitted
Please suggest.
Regards,
Prashant
From: Nick Couchman <vn...@apache.org>
Sent: Monday, August 31, 2020 3:53 PM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-json is not working
On Mon, Aug 31, 2020 at 5:01 AM Prashant K <pr...@agreeya.com>> wrote:
Hello All,
I am new to Guacamole and recently installed it on Linux debian 4.19
Its GUI is working fine with the credentials in the Usermapping.xml and now I am trying to use the guacamole-auth-json.
I have followed the steps mentioned at https://github.com/glyptodon/guacamole-auth-json and checking the Reference implementation first.
But when I am posting the data to the Rest API using curl it is failing with below error:
root@debian:~# curl --data-urlencode "data=Bbg91V2NX0yUFc/fq1pl8e+mwg10qSWSRT5AmJWERt+ctO+jNy0sE96knvgD6HwU5EoV0lIfgrCzXi3qMRWmw2QDxBKjGuB8qIiHFasvoAOMLTgrlzdeqicQu2LJoOCVZErDLp/mpc0VaiAL3zuT+fOVphEQ0igNqMCaMlNMzkUQW6UPLoXYG+ouo5jvdK/0asydMjJKt797+Sl+Ir1+wK9flKpQgRxLac/MXwR5X7jPKqrlH5eTCG6s0MVEDG+ejNis3Mwow4jjpE5u6a+7e1R7tct9MIgUmNtcq/4b+APz6h2Fb9zQLzOgrycmiGlV4N1vfmGMNQEAqpRPPaQX8hun0LBNHYLAa2kwpHg8LxCDsIuYAFpVJeScm1kdWol6byq1GJx9gjauazTuwaMYGg72EjImVdqjsG96+ceNDjOdJwkL4gu32Az1Dxap7Er6PECMzcCpP61ItEvBkRYkQg==" http://10.9.31.33:8080/guacamole/api/tokens
{"message":"Permission Denied.","translatableMessage":{"key":"Permission Denied.","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}root@debian:~
Please suggest where to look into to resolve this issue?
From the page:
> If the data is invalid in any way, if the signature does not match, if decryption or signature verification fails, or if the submitted data has expired, the REST service will return an invalid credentials error and fail without user-visible explanation. Details describing the error that occurred will be in the Tomcat logs, however.
Mike can probably help a little more with this than I can, but I'd suggest looking at the Tomcat logs for your particular install and see what is being logged, there.
-Nick
Re: guacamole-auth-json is not working
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Aug 31, 2020 at 5:01 AM Prashant K <pr...@agreeya.com> wrote:
> Hello All,
>
> I am new to Guacamole and recently installed it on Linux debian 4.19
>
> Its GUI is working fine with the credentials in the Usermapping.xml and
> now I am trying to use the guacamole-auth-json.
>
> I have followed the steps mentioned at
> https://github.com/glyptodon/guacamole-auth-json and checking the
> Reference implementation first.
>
> But when I am posting the data to the Rest API using curl it is failing
> with below error:
>
>
>
> root@debian:~# curl --data-urlencode
> "data=Bbg91V2NX0yUFc/fq1pl8e+mwg10qSWSRT5AmJWERt+ctO+jNy0sE96knvgD6HwU5EoV0lIfgrCzXi3qMRWmw2QDxBKjGuB8qIiHFasvoAOMLTgrlzdeqicQu2LJoOCVZErDLp/mpc0VaiAL3zuT+fOVphEQ0igNqMCaMlNMzkUQW6UPLoXYG+ouo5jvdK/0asydMjJKt797+Sl+Ir1+wK9flKpQgRxLac/MXwR5X7jPKqrlH5eTCG6s0MVEDG+ejNis3Mwow4jjpE5u6a+7e1R7tct9MIgUmNtcq/4b+APz6h2Fb9zQLzOgrycmiGlV4N1vfmGMNQEAqpRPPaQX8hun0LBNHYLAa2kwpHg8LxCDsIuYAFpVJeScm1kdWol6byq1GJx9gjauazTuwaMYGg72EjImVdqjsG96+ceNDjOdJwkL4gu32Az1Dxap7Er6PECMzcCpP61ItEvBkRYkQg=="
> http://10.9.31.33:8080/guacamole/api/tokens
>
> {"message":"Permission Denied.","translatableMessage":{"key":"Permission
> Denied.","variables":null},"statusCode":null,"expected":[{"name":"username","type":"USERNAME"},{"name":"password","type":"PASSWORD"}],"type":"INVALID_CREDENTIALS"}root@debian
> :~
>
>
>
> Please suggest where to look into to resolve this issue?
>
>
>
From the page:
> If the data is invalid in any way, if the signature does not match, if
decryption or signature verification fails, or if the submitted data has
expired, the REST service will return an invalid credentials error and fail
without user-visible explanation. Details describing the error that
occurred will be in the Tomcat logs, however.
Mike can probably help a little more with this than I can, but I'd suggest
looking at the Tomcat logs for your particular install and see what is
being logged, there.
-Nick
>