Posted to user@guacamole.apache.org by Paul A <pa...@thissolution.com> on 2019/05/01 12:41:40 UTC

RE: Sending private-key in json (using API to open session)

Hi Mike



Thanks for getting back to me, appreciate it.



I have put \n at the end of each line – and confirmed with 3 online JSON
validators that it’s valid JSON. Yet it’s still not working - keeps asking for
passphrase key.

The issue isn’t the JSON being generated, at the moment I am manually doing
it to confirm it’s working, and then passing it through your encrypt-json.sh
script to get the output and put that into https://<GACAMOLE>/#/?tokens
to get the token, then passing it to https://<GACAMOLE>/#/?token= to
load the page. I am doing it this way to make sure it all works – and doing
this exact thing with using a json that doesn’t have a key, but has a
password works. And ssh’ing into the client machine from this exact server
while passing this rsa_dsa key (via the ssh –I RSA_DSA file) also works
(doesn’t ask for a password).



So from this, I know the key works using ssh directly, and I know the API
works, and the json file format works when not using a multi line key. But
adding the 2 together fails.



So I am stuck and frustrated as to where else I can look to a resolution.



Thanks again



Paul



*From:* Mike Jumper [mailto:mjumper@apache.org]
*Sent:* Wednesday, 1 May 2019 3:26 AM
*To:* user@guacamole.apache.org
*Subject:* Re: Sending private-key in json (using API to open session)



Hi Paul,



Ultimately, you will need to ensure the JSON is valid JSON. The issue
you're seeing is not due to something specific to Guacamole - you're simply
getting low-level parse errors because the JSON is invalid. It's difficult
to see where exactly the failure lies in the censored JSON snippet, but
overall:



1. Make sure you do not have line breaks within the string. You can have
newlines within a string value, but these need to be represented as "\n".
You don't need to use Windows-style "\r\n" - "\n" will do.

2. Make sure you have not accidentally entered a double-quote within the
string which would cause the string to end and the rest of its value to be
interpreted as raw JSON. I don't believe the private key value would ever
normally have such a character in it, but the solution if it were needed
would be to backslash escape it. The same goes for other characters that
JSON would assign special meaning to within strings, like backslashes
themselves.



If you still see JSON parse failures after this, I suggest opening things
up in a text editor which will not wrap lines, so you can easily tell
whether your private key line still contains line breaks. You might also
try pasting the JSON into a JSON validator, which might help you find
the specific part in your file that is failing.



If you will be programmatically generating the JSON in practice, the JSON
library you use should take care of automatically and correctly escaping
string values.



- Mike





On Tue, Apr 30, 2019 at 4:36 AM Paul A <pa...@thissolution.com> wrote:

Hi



Does anyone have any ideas on storing the private-key in the json, that
Guacamole can actually read?



Thanks



Paul

-------------------------------------------------------------



Hi



Thanks for replying quickly. What about the encoding of the data, and
encrypting it with the key? Before you can send data to that URL (same as
what we send ours to), you need to do those 2 things, which is done as an
example with the encrypt-json.sh file (provided by Mike)







I gave it a go though I tried to just put some data and got this in postman:





{
    "message": "Permission denied.",
    "translatableMessage": {
        "key": "Permission denied.",
        "variables": null
    },
    "statusCode": null,
    "expected": [],
    "type": "INVALID_CREDENTIALS"
}



And this in the log file:

[http-nio-8080-exec-20] WARN  o.a.g.r.auth.AuthenticationService -
Authentication attempt from [ 172.19.198.2] for user "paul" failed.





-----Original Message-----

From: sciUser [mailto:shulbert@securitycentric.net
<sh...@securitycentric.net>]

Sent: Friday, 26 April 2019 5:10 PM

To: user@guacamole.apache.org

Subject: Re: Sending private-key in json (using API to open session)



How we do it:



We use curl to post:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'username=SOMEUSERNAME&password=SOMEPASSWORD' \
  'https://<Guacamole>/guacamole/api/tokens'



This will generate a one time token for that user to login with then it
will expire, but the connection will remain as long as the session is
active in the browser.  The return/redirect link should look like this:



https://<Guacamole>/guacamole/#/client/?token=5AD2069FD0F6788848BBE23B6095816EA2B5CEBB1EF07F76051010E050C70063



Our Provisioning system does all this on the fly and manages Guacamole
directly.



Hope this helps.



Thank You












Re: Sending private-key in json (using API to open session)

Posted by Mike Jumper <mj...@apache.org>.
On Thu, May 9, 2019 at 6:07 PM Paul A <pa...@thissolution.com> wrote:

> Hi Mike
>
>
>
> I tried both an RSA key and DSA key. I used ssh-keygen -t dsa  or
> ssh-keygen -t rsa to generate the keys, and copied the content of the
> appropriate key into the json.
>
>
Would you be able to generate a test key and JSON which reproduce this and
attach that JSON here so we can attempt the same?

- Mike

RE: Sending private-key in json (using API to open session)

Posted by Paul A <pa...@thissolution.com>.
Hi Mike



I tried both an RSA key and DSA key. I used ssh-keygen -t dsa  or
ssh-keygen -t rsa to generate the keys, and copied the content of the
appropriate key into the json.



Running guacamole in a pure docker setup – with the containers that you
provided, and even built a new stack of the docker containers on a new
docker host a week back, this pushed the guac version to 1.0.0 – still same
issue.











*From:* Mike Jumper [mailto:mjumper@apache.org]
*Sent:* Friday, 10 May 2019 6:15 AM
*To:* user@guacamole.apache.org
*Subject:* Re: Sending private-key in json (using API to open session)



I believe what you are encountering now is no longer related to the JSON
extension, but rather to the private key in use. If you are sure that there
is no passphrase associated with the key, you are probably seeing a
passphrase prompt because the SSH support within Guacamole is unable to
load the key and is assuming that this is due to the key requiring a
passphrase.



Do you see any messages from guacd regarding the key?



Any idea what specific algorithm was used to produce the key? Earlier
emails mention "RSA_DSA", but an SSH private key would use either RSA or
DSA, not both. It's possible that you are inadvertently using an algorithm
that the version of libssh2 on your system does not support.



- Mike



On Wed, May 8, 2019 at 3:26 PM Paul A <pa...@thissolution.com> wrote:

Hi





Anyone have any ideas?



Thanks



Paul



*From:* Paul A [mailto:paul@thissolution.com]
*Sent:* Thursday, 2 May 2019 9:44 AM
*To:* 'user@guacamole.apache.org' <us...@guacamole.apache.org>
*Subject:* RE: Sending private-key in json (using API to open session)



Hi Mike



I just looked at the logs, and I have not been seeing that error for the
last 2 days of testing, I am just seeing this each time I test:

12:48:53.606 [http-nio-8080-exec-33] INFO
o.a.g.r.auth.AuthenticationService - User "user" successfully authenticated
from [X.X.X.X, 172.19.198.2].

12:49:07.126 [http-nio-8080-exec-47] INFO
o.a.g.tunnel.TunnelRequestService - User "user" connected to connection
"paul".



I see the first line of the log when it connects – and I see this in the
web page:

[image: cid:image001.png@01D500CB.94036830]



Then it doesn’t matter what I enter, it disconnects the web page and I
get the error message on the web page, and then I see the next line in the
log file.

More than happy to deploy a docker stack of guacamole for you to jump in,
if required, or is this now a different issue?







*From:* Mike Jumper [mailto:mjumper@apache.org <mj...@apache.org>]
*Sent:* Thursday, 2 May 2019 5:32 AM
*To:* user@guacamole.apache.org
*Subject:* Re: Sending private-key in json (using API to open session)



On Wed, May 1, 2019 at 5:42 AM Paul A <pa...@thissolution.com> wrote:

Hi Mike



Thanks for getting back to me, appreciate it.



I have put \n at the end of each line – and confirmed with 3 online JSON
validators that it’s valid JSON. Yet it’s still not working - keeps asking for
passphrase key.

The issue isn’t the JSON being generated, at the moment I am manually doing
it to confirm it’s working, and then passing it through your encrypt-json.sh
script to get the output and put that into https://<GACAMOLE>/#/?tokens
to get the token, then passing it to https://<GACAMOLE>/#/?token= to
load the page. I am doing it this way to make sure it all works – and doing
this exact thing with using a json that doesn’t have a key, but has a
password works. And ssh’ing into the client machine from this exact server
while passing this rsa_dsa key (via the ssh –I RSA_DSA file) also works
(doesn’t ask for a password).



So from this, I know the key works using ssh directly, and I know the API
works, and the json file format works when not using a multi line key. But
adding the 2 together fails.



So I am stuck and frustrated as to where else I can look to a resolution.



If you are still seeing:



"ERROR o.g.g.auth.json.user.UserDataService - Received JSON is invalid:
Unexpected character ('-' (code 45)) in numeric value: expected digit (0-9)
to follow minus sign, for valid numeric value at [Source:
java.io.StringReader@32408e9d; line: 1, column: 3]"



Then the only possibility really is that the JSON is invalid. We can take a
look at the JSON, etc., but we would of course need the full JSON. I'd
suggest:



1) Setting up a temporary user on an isolated system with a private key
that you wouldn't mind sending verbatim to a mailing list

2) Encrypting, etc. the JSON with a new, temporary key for
guacamole-auth-json that you will use only for this test

3) Reproduce the problem with the above

4) Send the error(s), the data that you sent to the token service producing
those errors, and the shared key used to encrypt the JSON here.



That would be enough to take a look. Without that, all I can really do is
look at the error that says "JSON is invalid" and say "yep, your JSON is
invalid."



- Mike








Re: Sending private-key in json (using API to open session)

Posted by Mike Jumper <mj...@apache.org>.
I believe what you are encountering now is no longer related to the JSON
extension, but rather to the private key in use. If you are sure that there
is no passphrase associated with the key, you are probably seeing a
passphrase prompt because the SSH support within Guacamole is unable to
load the key and is assuming that this is due to the key requiring a
passphrase.

Do you see any messages from guacd regarding the key?

Any idea what specific algorithm was used to produce the key? Earlier
emails mention "RSA_DSA", but an SSH private key would use either RSA or
DSA, not both. It's possible that you are inadvertently using an algorithm
that the version of libssh2 on your system does not support.

- Mike


RE: Sending private-key in json (using API to open session)

Posted by Paul A <pa...@thissolution.com>.
Hi





Anyone have any ideas?



Thanks



Paul




RE: Sending private-key in json (using API to open session)

Posted by Paul A <pa...@thissolution.com>.
Hi Mike



I just looked at the logs, and I have not been seeing that error for the
last 2 days of testing, I am just seeing this each time I test:

12:48:53.606 [http-nio-8080-exec-33] INFO
o.a.g.r.auth.AuthenticationService - User "user" successfully authenticated
from [X.X.X.X, 172.19.198.2].

12:49:07.126 [http-nio-8080-exec-47] INFO
o.a.g.tunnel.TunnelRequestService - User "user" connected to connection
"paul".



I see the first line of the log when it connects – and I see this in the
web page:

[image: cid:image001.png@01D500CB.94036830]



Then it doesn’t matter what I enter, it disconnects the web page and I
get the error message on the web page, and then I see the next line in the
log file.

More than happy to deploy a docker stack of guacamole for you to jump in,
if required, or is this now a different issue?








Re: Sending private-key in json (using API to open session)

Posted by Mike Jumper <mj...@apache.org>.
On Wed, May 1, 2019 at 5:42 AM Paul A <pa...@thissolution.com> wrote:

> Hi Mike
>
>
>
> Thanks for getting back to me, appreciate it.
>
>
>
> I have put \n at the end of each line – and confirmed with 3 online JSON
> validators that it’s valid JSON. Yet it’s still not working - keeps asking for
> passphrase key.
>
> The issue isn’t the JSON being generated, at the moment I am manually
> doing it to confirm it’s working, and then passing it through your
> encrypt-json.sh script to get the output and put that into
> https://<GACAMOLE>/#/?tokens
> to get the token, then passing it to https://<GACAMOLE>/#/?token= to
> load the page. I am doing it this way to make sure it all works – and doing
> this exact thing with using a json that doesn’t have a key, but has a
> password works. And ssh’ing into the client machine from this exact server
> while passing this rsa_dsa key (via the ssh –I RSA_DSA file) also works
> (doesn’t ask for a password).
>
>
>
> So from this, I know the key works using ssh directly, and I know the API
> works, and the json file format works when not using a multi line key. But
> adding the 2 together fails.
>
>
>
> So I am stuck and frustrated as to where else I can look to a resolution.
>

If you are still seeing:

"ERROR o.g.g.auth.json.user.UserDataService - Received JSON is invalid:
Unexpected character ('-' (code 45)) in numeric value: expected digit (0-9)
to follow minus sign, for valid numeric value at [Source:
java.io.StringReader@32408e9d; line: 1, column: 3]"

Then the only possibility really is that the JSON is invalid. We can take a
look at the JSON, etc., but we would of course need the full JSON. I'd
suggest:

1) Setting up a temporary user on an isolated system with a private key
that you wouldn't mind sending verbatim to a mailing list
2) Encrypting, etc. the JSON with a new, temporary key for
guacamole-auth-json that you will use only for this test
3) Reproduce the problem with the above
4) Send the error(s), the data that you sent to the token service producing
those errors, and the shared key used to encrypt the JSON here.

That would be enough to take a look. Without that, all I can really do is
look at the error that says "JSON is invalid" and say "yep, your JSON is
invalid."

- Mike
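
Added example (not part of the thread and not Guacamole project code): building the JSON with a library, as suggested earlier in the thread, and checking that the embedded private-key value decodes back to exactly the key file, since a payload can pass a JSON validator and still carry a different key. The document layout, connection name, hostname, expiry value and sample key below are assumptions or constructed placeholders.

```python
import json

# Constructed sample: PEM-shaped placeholder text, not a real private key.
SAMPLE_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQgU0FNUExFIC0gTk9UIEEgUkVBTCBLRVk=\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def build_payload(private_key_pem, username="paul", connection="test-ssh",
                  hostname="ssh.example.internal", expires_ms=1556700000000):
    """Serialize the auth document, letting json.dumps do all escaping.

    The layout (username / expires / connections / parameters) is an
    assumption about what guacamole-auth-json expects; the default
    argument values are constructed placeholders.
    """
    doc = {
        "username": username,
        "expires": expires_ms,
        "connections": {
            connection: {
                "protocol": "ssh",
                "parameters": {
                    "hostname": hostname,
                    "private-key": private_key_pem,
                },
            }
        },
    }
    return json.dumps(doc)


def paste_between_quotes(private_key_pem):
    """Hand assembly with no escaping: raw line breaks land inside the string."""
    return ('{"username": "paul", "connections": {"test-ssh": {"protocol": "ssh", '
            '"parameters": {"private-key": "' + private_key_pem + '"}}}}')


def check_payload(text, key_file_contents):
    """Return a list of problems; an empty list means every embedded key
    decodes to exactly the contents of the key file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return ["invalid JSON at line %d, column %d: %s"
                % (exc.lineno, exc.colno, exc.msg)]
    problems = []
    for name, conn in doc.get("connections", {}).items():
        key = conn.get("parameters", {}).get("private-key")
        if key is None:
            continue
        if "\\n" in key:
            problems.append("%s: key contains a literal backslash-n (escaped twice)" % name)
        if "\n" not in key.strip():
            problems.append("%s: key has no line breaks after decoding" % name)
        if key != key_file_contents:
            problems.append("%s: decoded key differs from the key file" % name)
    return problems


def demo():
    """Run the three cases: library-built, pasted raw, and escaped twice."""
    good = build_payload(SAMPLE_KEY)
    raw = paste_between_quotes(SAMPLE_KEY)
    # Valid JSON, wrong key: "\n" was typed into the text and then escaped
    # again by a JSON library, so the decoded value holds backslash + n.
    twice = build_payload(SAMPLE_KEY.replace("\n", "\\n"))
    return (check_payload(good, SAMPLE_KEY),
            check_payload(raw, SAMPLE_KEY),
            check_payload(twice, SAMPLE_KEY))


if __name__ == "__main__":
    for label, result in zip(("json.dumps", "pasted raw", "escaped twice"), demo()):
        print(label, "->", result or "ok")
```

Running the same check on the plaintext JSON before it is signed and encrypted separates JSON problems from key-loading problems on the SSH side.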