Posted to commits@guacamole.apache.org by "Nick Couchman (JIRA)" <ji...@apache.org> on 2018/02/04 04:46:00 UTC

[jira] [Commented] (GUACAMOLE-29) Add support for requesting HTTP Basic Authentication

    [ https://issues.apache.org/jira/browse/GUACAMOLE-29?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16351633#comment-16351633 ] 

Nick Couchman commented on GUACAMOLE-29:
----------------------------------------

So, [~mike.jumper], for this particular issue, is it:
* Worth doing?
* Worth doing in the main Guacamole application?
* Worth trying to do in an extension, instead?
* Not worth it, since the HTTP Header extension is available?

I took a look at the original pull request submitted on the Glyptodon repo, and the code has changed significantly since then, and I'm not sure it makes sense at all to try to override the status code being sent back. In the current version the CLIENT_UNAUTHORIZED status is pushed over to a 403 status code instead of 401, with specific notes about 401 causing potentially unwanted behavior. Furthermore, the various CredentialException classes seem to rely on this in order to function, as they all throw the CLIENT_UNAUTHORIZED status instead of CLIENT_FORBIDDEN. So, obviously it isn't as simple as just setting the status code to 401, as that would have larger implications.

Thoughts?

> Add support for requesting HTTP Basic Authentication
> ----------------------------------------------------
>
>                 Key: GUACAMOLE-29
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-29
>             Project: Guacamole
>          Issue Type: Improvement
>            Reporter: Michael Jumper
>            Priority: Major
>
> {panel:bgColor=#FFFFEE}
> *The description of this issue was copied from [GUAC-1489|https://glyptodon.org/jira/browse/GUAC-1489], an issue in the JIRA instance used by the Guacamole project prior to its acceptance into the Apache Incubator.*
> Comments, attachments, related issues, and history from prior to acceptance *have not been copied* and can be found instead at the original issue.
> {panel}
> Some reverse proxies support SSO via HTTP Basic authentication if the server requests it with a 401 Unauthorized response.
> As Guacamole already reads the Authorization header, it looks trivial to add a guacamole.properties option such as "enable-http-basic-auth" to tell Guacamole to request HTTP Basic Authentication.
> PR on its way :)
> Thanks!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)