Posted to commits@guacamole.apache.org by "Nick Couchman (JIRA)" <ji...@apache.org> on 2018/12/03 15:05:00 UTC

[jira] [Reopened] (GUACAMOLE-598) Fail cleanly if authentication backend is down / misconfigured

     [ https://issues.apache.org/jira/browse/GUACAMOLE-598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman reopened GUACAMOLE-598:
-------------------------------------

Changes from this issue introduce a regression in modules that do not provide a userContext. For such modules (Header, CAS, RADIUS), the call to /api/session/data/<dataSource>/user/<username> returns a 404 error. Prior to these changes, that error was silently ignored by the web front-end; after these changes, the 404 results in the generic error message.

The specific commit that introduced the regression is:

{quote}
5866c7e251f05c9345f77215713d4549575db2df is the first bad commit
commit 5866c7e251f05c9345f77215713d4549575db2df
Author: Michael Jumper <mj...@apache.org>
Date:   Tue Jun 26 22:49:06 2018 -0700

    GUACAMOLE-598: Abort rendering of pages if critical data fails to load (data without which the page is non-functional).
{quote}

> Fail cleanly if authentication backend is down / misconfigured
> --------------------------------------------------------------
>
>                 Key: GUACAMOLE-598
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-598
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole
>            Reporter: Michael Jumper
>            Assignee: Michael Jumper
>            Priority: Major
>             Fix For: 2.0.0
>
>         Attachments: guac-generic-error.png
>
>
> Depending on the extension in use, it is possible for a backend authentication system (such as a MySQL database, LDAP directory, etc.) to become unreachable or to be fatally misconfigured, resulting in an internal failure during authentication attempts. Because of the way such internal failures are handled, this can cause the Guacamole login screen to fail to display entirely, masking any notification that might advise the user of the failure.
> The authentication system should fail cleanly. As long as doing so does not reveal sensitive information about the system, the fact that an error has occurred should be relayed to the user such that they can contact their administrator or check the relevant logs.


