have got auth-header working - but can't see any "" options

[Jason Haar <ja...@trimble.com>]

Hi there

I've just started playing with guacamole and have successfully got as far
as creating a standalone user-profile (ie username/password)
in user-mapping.xml - some RDP and SSH sessions - all working fine.

So then I got more adventurous and decided on testing auth-header - as we
would run such a beast behind an Apache reverse-proxy - so time to test.
Well I've got the Apache server sending "X-User: email@address", and now
when I connect I see I am automagically logged in as "email@address" -
great! But there's no "profile" (for want of a better term).

So then I edited user-mapping.xml and created a fake account for
"email@address" , and cut-n-pasted my working standalone user profile into
it (ie the same RDP and SSH "<connection>"'s). Restarted tomcat and -
nothing.

Whatever I try, all I get is an empty profile - no actual terminal
services. Also, if I access the account's "Settings", all I get is the
turning "cog wheel" - but nothing actually comes up. If I did that on my
standalone account, I get to change my default language/etc.

Any ideas what I missed?

Thanks

This is guacamole under CentOS-7,
with guacamole-auth-header-0.9.13-incubating.tar.gz

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: have got auth-header working - but can't see any "" options

[Jason Haar <ja...@trimble.com>]

Hi Nick

You hit it on the head - it needs JDBC to work. I figured that out between
sending my email and your reply :-/

With the JDBC module in place, I can create an empty user profile, then
connect via auth-header and get the mapping. And there is a full-blown
connector editor in there too! That needs to be advertised more - that
alone is reason enough to use JDBC :-)

Thanks


On Tue, Oct 10, 2017 at 4:03 PM, Nick Couchman <vn...@apache.org> wrote:

> Jason,
>
> On Mon, Oct 9, 2017 at 10:06 PM, Jason Haar <ja...@trimble.com>
> wrote:
>
>> Hi there
>>
>> I've just started playing with guacamole and have successfully got as far
>> as creating a standalone user-profile (ie username/password)
>> in user-mapping.xml - some RDP and SSH sessions - all working fine.
>>
>> So then I got more adventurous and decided on testing auth-header - as we
>> would run such a beast behind an Apache reverse-proxy - so time to test.
>> Well I've got the Apache server sending "X-User: email@address", and now
>> when I connect I see I am automagically logged in as "email@address" -
>> great! But there's no "profile" (for want of a better term).
>>
>> So then I edited user-mapping.xml and created a fake account for
>> "email@address" , and cut-n-pasted my working standalone user profile
>> into it (ie the same RDP and SSH "<connection>"'s). Restarted tomcat and -
>> nothing.
>>
>> Whatever I try, all I get is an empty profile - no actual terminal
>> services. Also, if I access the account's "Settings", all I get is the
>> turning "cog wheel" - but nothing actually comes up. If I did that on my
>> standalone account, I get to change my default language/etc.
>>
>
> For the spinning cog wheel of infinity, there's a commit in the git master
> repo that I believe will fix this issue.  I doubt it's related to the other
> trouble you're having - the lack of connection mapping.  From what I can
> tell you're doing things right, so not sure why that isn't working.
>
> I would suggest setting up the JDBC authentication module with a MySQL or
> PostgreSQL database.  It takes a few minutes longer, and definitely works
> to layer the JDBC module with the auth-header module (or CAS, LDAP, etc.).
> I can't remember if Mike mentioned something recently about the basic user
> mapping module not working as a layered module or not - I haven't tried
> it.  Either way, I highly recommend using the JDBC module - particularly if
> you plan to scale your deployment at all, it'll be much easier to do that
> with JDBC.
>
> -Nick
>



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Re: have got auth-header working - but can't see any "" options

[Nick Couchman <vn...@apache.org>]

Jason,

On Mon, Oct 9, 2017 at 10:06 PM, Jason Haar <ja...@trimble.com> wrote:

> Hi there
>
> I've just started playing with guacamole and have successfully got as far
> as creating a standalone user-profile (ie username/password)
> in user-mapping.xml - some RDP and SSH sessions - all working fine.
>
> So then I got more adventurous and decided on testing auth-header - as we
> would run such a beast behind an Apache reverse-proxy - so time to test.
> Well I've got the Apache server sending "X-User: email@address", and now
> when I connect I see I am automagically logged in as "email@address" -
> great! But there's no "profile" (for want of a better term).
>
> So then I edited user-mapping.xml and created a fake account for
> "email@address" , and cut-n-pasted my working standalone user profile
> into it (ie the same RDP and SSH "<connection>"'s). Restarted tomcat and -
> nothing.
>
> Whatever I try, all I get is an empty profile - no actual terminal
> services. Also, if I access the account's "Settings", all I get is the
> turning "cog wheel" - but nothing actually comes up. If I did that on my
> standalone account, I get to change my default language/etc.
>

For the spinning cog wheel of infinity, there's a commit in the git master
repo that I believe will fix this issue.  I doubt it's related to the other
trouble you're having - the lack of connection mapping.  From what I can
tell you're doing things right, so not sure why that isn't working.

I would suggest setting up the JDBC authentication module with a MySQL or
PostgreSQL database.  It takes a few minutes longer, and definitely works
to layer the JDBC module with the auth-header module (or CAS, LDAP, etc.).
I can't remember if Mike mentioned something recently about the basic user
mapping module not working as a layered module or not - I haven't tried
it.  Either way, I highly recommend using the JDBC module - particularly if
you plan to scale your deployment at all, it'll be much easier to do that
with JDBC.

-Nick