You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Masood <ma...@gmail.com> on 2017/11/17 15:29:35 UTC

HTTP header authentication not working. Infomation missing

I am trying to add HTTP header auth extension into guacamole. I have followed
all the instructions from the chapter 9 of Manual. The jar file is in the
extension folder, but I don't see any new loaded extension in syslog. I have
not added any new property to the guacamole.properties. As it is optional

I am using Tomcat 7. Do I need to change some properties in Tomcat to allow
HTTP headers?

Also, I don't understand the following line in manual "If your
authentication system uses a different HTTP header" I don't have any
authentication system. Do I need to install it? Is it in Tomcat or 3rd party
application.

For beginner, I think there is some information missing in Chap 9

Regards,
Masood




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: HTTP header authentication not working. Infomation missing

Posted by Nick Couchman <vn...@apache.org>.

On Fri, Nov 17, 2017 at 10:29 AM, Masood <ma...@gmail.com> wrote:

> I am trying to add HTTP header auth extension into guacamole. I have
> followed
> all the instructions from the chapter 9 of Manual. The jar file is in the
> extension folder, but I don't see any new loaded extension in syslog. I
> have
> not added any new property to the guacamole.properties. As it is optional
>
> I am using Tomcat 7. Do I need to change some properties in Tomcat to allow
> HTTP headers?
>
> Also, I don't understand the following line in manual "If your
> authentication system uses a different HTTP header" I don't have any
> authentication system. Do I need to install it? Is it in Tomcat or 3rd
> party
> application.
>

You need to configure your web server - either Tomcat or your reverse proxy
web server, if you're proxying it through nginx or httpd, for example - to
do HTTP authentication.  You can find configuration examples for BASIC
authentication in the following document - item #5:

http://archive.oreilly.com/pub/a/java/archive/tomcat-tips.html

If you're proxying Guacamole through Apache httpd, you'd do something like
this in your configuration:

<Location /guacamole>
   ...
    AuthType basic
    AuthName "Basic Authentication"
    AuthBasicProvider file
    AuthUserFile /etc/httpd/guacamole.users
    Require valid-user
</Location>

By default Apache will set the REMOTE_USER header during authentication,
which should be passed through to Tomcat and accessible by Guacamole.
Nginx has similar options:

https://www.nginx.com/resources/admin-guide/restricting-access-auth-basic/

-Nick