Posted to user@guacamole.apache.org by Rezk Mekhael <re...@gmail.com> on 2023/04/14 13:38:43 UTC

Video streaming performance

Hi team,

Video streaming over RDP is slow. What is the best RDP session setup to
help streaming?

Rezk
-- 
Rezk Mekhael

Rezk.Mekhael@gmail.com
c. +1818-599-4181

RE: High availability and users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Hi all

My apologies, it seems that point 2 was not clear. The point is that if a user enters the Guacamole Web application on one device, they cannot do so from another device.

-Gabriel

-----Original Message-----
From: Gabriel Huerta Araujo 
Sent: Wednesday, April 26, 2023 07:51 PM
To: user@guacamole.apache.org
Subject: High availability and users can connect only once to Guacamole Client page.

Hi all

I have 2 doubts:

1.- Guacamole is going to be installed on two servers. Is there a way to manage a high availability scheme (if one is out, the backup server automatically enters)?
2.- If a user accessed the Guacamole page with an account, he cannot access the Guacamole page with the same account, via another computer?

Gabriel




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
As I made a change for the case where a user is logged in and he himself tries to log in on another computer using Guacamole, how can I make the Guacamole application show an on-screen message indicating this when he enters his credentials? I think this has to be done from the Angular side.

-Gabriel

RE: Users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Thanks a lot Michael, it works like a charm!!!!.

-Gabriel

-----Original Message-----
From: Michael Jumper <mj...@apache.org> 
Sent: Sunday, May 14, 2023 12:42 AM
To: user@guacamole.apache.org
Subject: Re: Users can connect only once to Guacamole Client page.

On 5/13/23 18:32, Gabriel Huerta Araujo wrote:
> Thanks Michael
> 
> My observations:
> 
>>> You should use AbstractUserContext (you'll end up implementing a ton of stub functions otherwise), override invalidate(), and implement any remaining functions that have no implementation according to the JavaDoc:
> 
>>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html
> 
>>> The overview of the above class describes this in more detail.
> 
> I tried to do the above and I got an error:
> 
> /home/admin-cns/tacacs/guacamole-client-1.4.0/extensions/guacamole-auth-tacacs/src/main/java/org/apache/guacamole/auth/tacacs/user/UserContext.java:[31,7] error: org.apache.guacamole.auth.tacacs.user.UserContext is not abstract and does not override abstract method self() in org.apache.guacamole.net.auth.UserContext
> 
> I do not see how self function has to be implemented according to https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html. This link just mentions: "Implementations must provide their own UserContext.self()"
> 

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/UserContext.html#self()

Simplest would be just returning an instance of SimpleUser with the username of the user that authenticated:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/simple/SimpleUser.html#%3Cinit%3E(java.lang.String)

- Mike



Re: Users can connect only once to Guacamole Client page.

Posted by Michael Jumper <mj...@apache.org>.
On 5/13/23 18:32, Gabriel Huerta Araujo wrote:
> Thanks Michael
> 
> My observations:
> 
>>> You should use AbstractUserContext (you'll end up implementing a ton of stub functions otherwise), override invalidate(), and implement any remaining functions that have no implementation according to the JavaDoc:
> 
>>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html
> 
>>> The overview of the above class describes this in more detail.
> 
> I tried to do the above and I got an error:
> 
> /home/admin-cns/tacacs/guacamole-client-1.4.0/extensions/guacamole-auth-tacacs/src/main/java/org/apache/guacamole/auth/tacacs/user/UserContext.java:[31,7] error: org.apache.guacamole.auth.tacacs.user.UserContext is not abstract and does not override abstract method self() in org.apache.guacamole.net.auth.UserContext
> 
> I do not see how self function has to be implemented according to https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html. This link just mentions: "Implementations must provide their own UserContext.self()"
> 

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/UserContext.html#self()

Simplest would be just returning an instance of SimpleUser with the 
username of the user that authenticated:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/simple/SimpleUser.html#%3Cinit%3E(java.lang.String)

- Mike



RE: Users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Thanks Michael

My observations:

>> You should use AbstractUserContext (you'll end up implementing a ton of stub functions otherwise), override invalidate(), and implement any remaining functions that have no implementation according to the JavaDoc:

>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html

>> The overview of the above class describes this in more detail.

I tried to do the above and I got an error:

/home/admin-cns/tacacs/guacamole-client-1.4.0/extensions/guacamole-auth-tacacs/src/main/java/org/apache/guacamole/auth/tacacs/user/UserContext.java:[31,7] error: org.apache.guacamole.auth.tacacs.user.UserContext is not abstract and does not override abstract method self() in org.apache.guacamole.net.auth.UserContext

I do not see how self function has to be implemented according to https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html. This link just mentions: "Implementations must provide their own UserContext.self()"

- Gabriel




Re: Users can connect only once to Guacamole Client page.

Posted by Michael Jumper <mj...@apache.org>.
On 5/12/23 12:22, Gabriel Huerta Araujo wrote:
>> To perform an action when a user logs in, you would implement an extension containing your own AuthenticationProvider that performs whatever tasks you need within getUserContext():
>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticationProvider.html#getUserContext(org.apache.guacamole.net.auth.AuthenticatedUser)
>>
>> That function will be called for all installed extensions after authentication has succeeded.
>> To perform an action when a user logs out, you would make sure your implementation of getUserContext() returns a UserContext of your own that implements invalidate():
>>
>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/UserContext.html#invalidate()
>>
>> That function is called for all UserContexts associated with a user when their session is no longer valid, including when they log out
>
> From the self-implemented interface (UserContext), do I just need to override said method, invalidate()? If not, of the methods to be implemented, what should I put?

You should use AbstractUserContext (you'll end up implementing a ton of 
stub functions otherwise), override invalidate(), and implement any 
remaining functions that have no implementation according to the JavaDoc:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractUserContext.html

The overview of the above class describes this in more detail.

Same with AuthenticationProvider - you should use 
AbstractAuthenticationProvider:

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AbstractAuthenticationProvider.html

- Mike



Users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
>> To perform an action when a user logs in, you would implement an extension containing your own AuthenticationProvider that performs whatever tasks you need within getUserContext():

>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticationProvider.html#getUserContext(org.apache.guacamole.net.auth.AuthenticatedUser)

>> That function will be called for all installed extensions after authentication has succeeded.

>> To perform an action when a user logs out, you would make sure your implementation of getUserContext() returns a UserContext of your own that implements invalidate():

>> https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/UserContext.html#invalidate()

>> That function is called for all UserContexts associated with a user when their session is no longer valid, including when they log out



From the self-implemented interface (UserContext), do I just need to override said method, invalidate()? If not, of the methods to be implemented, what should I put?

-Gabriel



Re: Users can connect only once to Guacamole Client page.

Posted by Michael Jumper <mj...@apache.org>.
On 5/11/23 19:32, Gabriel Huerta Araujo wrote:
>> My question is related to when a user enters into Guacamole web application in a computer and they should not enter with their same account into another computer. I would try to change Guacamole
>> application, question here is where I would do it? That is why I meant there are two places to do the changes: When user log in (to record log in access and ask the next time when same user access) and
>> when user log out (delete record access to make it accessible). Is there a way to make it, using Open-Close principle (close to change, open to extension).
> 
> I found out logout function (file authenticationService.js) to go out from Guacamole web application. I am not proficient with Angular. Any guide or example to execute a REST service (java code) to be executed from js code, and this last one receives a response from java code?
> 

To perform an action when a user logs in, you would implement an 
extension containing your own AuthenticationProvider that performs 
whatever tasks you need within getUserContext():

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/AuthenticationProvider.html#getUserContext(org.apache.guacamole.net.auth.AuthenticatedUser)

That function will be called for all installed extensions after 
authentication has succeeded.

To perform an action when a user logs out, you would make sure your 
implementation of getUserContext() returns a UserContext of your own 
that implements invalidate():

https://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/UserContext.html#invalidate()

That function is called for all UserContexts associated with a user when 
their session is no longer valid, including when they log out

- Mike



Users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
> My question is related to when a user enters into Guacamole web application in a computer and they should not enter with their same account into another computer. I would try to change Guacamole 
> application, question here is where I would do it? That is why I meant there are two places to do the changes: When user log in (to record log in access and ask the next time when same user access) and 
> when user log out (delete record access to make it accessible). Is there a way to make it, using Open-Close principle (close to change, open to extension).

I found out logout function (file authenticationService.js) to go out from Guacamole web application. I am not proficient with Angular. Any guide or example to execute a REST service (java code) to be executed from js code, and this last one receives a response from java code?

-Gabriel


Re: High availability and users can connect only once to Guacamole Client page.

Posted by Nick Couchman <vn...@apache.org>.
On Sat, Apr 29, 2023 at 9:38 PM Gabriel Huerta Araujo
<hu...@globalhitss.com.invalid> wrote:
>
> Nick
>
> > If you're asking what would have to change in order to share active connection information between two systems, that's a fairly complex task. Currently the JDBC module is the only module that implements
> > active connection tracking, and it would need to be modified such that it would synchronize information with another system/module. This would likely require some modeling of the active connections, too,
> > similar to what is done with the rest of the information in the JDBC module, since you don't actually want to synchronize the entire connection, just the record of the connection, between the two systems.
> > There's no doubt in my mind that it's doable, but I wouldn't consider it a simple task.
>
> My question is related to when a user enters into Guacamole web application in a computer and they should not enter with their same account into another computer. I would try to change Guacamole application, question here is where I would do it? That is why I meant there are two places to do the changes: When user log in (to record log in access and ask the next time when same user access) and when user log out (delete record access to make it accessible). Is there a way to make it, using Open-Close principle (close to change, open to extension).

Ah, I got confused between this question and your other questions
related to HA. Yes, it should be possible, and probably not too
difficult, to either restrict a user to a single session, or to
restrict a user to only log in from a single source IP address. You'd
just need to check these conditions during login - if sessions are
present for other users, and/or what IP address the session is coming
from and if other sessions already exist - and then throw an exception
if one of these conditions is violated.

-Nick
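
Added example, not code from the thread or from the Guacamole project: one way to combine the login-time check Nick describes above with the getUserContext(), invalidate(), AbstractUserContext and self() advice in Mike's replies on this page. The package, class names, identifier string, exception type and in-memory map are assumptions; the code compiles against guacamole-ext and still needs the usual extension packaging.

```java
package org.example.guacamole.singlesession; // hypothetical package name

import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.net.auth.AbstractAuthenticationProvider;
import org.apache.guacamole.net.auth.AbstractUserContext;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.simple.SimpleUser;

/**
 * Allows one Guacamole session per username (hypothetical class, added example).
 */
public class SingleSessionAuthenticationProvider extends AbstractAuthenticationProvider {

    /**
     * Username -> claim object of the session currently holding that account.
     * In-memory and per web application instance: with the two-server setup
     * discussed in this thread, each server would only see its own logins.
     */
    private final ConcurrentMap<String, Object> activeSessions = new ConcurrentHashMap<>();

    @Override
    public String getIdentifier() {
        return "single-session"; // hypothetical identifier
    }

    /** Called for every installed extension after authentication has succeeded. */
    @Override
    public UserContext getUserContext(AuthenticatedUser authenticatedUser)
            throws GuacamoleException {

        String username = authenticatedUser.getIdentifier();
        Object claim = new Object();

        // putIfAbsent() is atomic, so two simultaneous logins cannot both win
        if (activeSessions.putIfAbsent(username, claim) != null)
            // Exception type is this example's choice; the thread only says
            // to throw an exception when the condition is violated
            throw new GuacamoleSecurityException(
                    "This account is already logged in from another session.");

        return new SingleSessionUserContext(username, claim);
    }

    /** UserContext whose only job is to release the claim at logout or expiry. */
    private class SingleSessionUserContext extends AbstractUserContext {

        private final User self;
        private final String username;
        private final Object claim;

        SingleSessionUserContext(String username, Object claim) {
            // SimpleUser with the authenticated username, as suggested for self()
            this.self = new SimpleUser(username);
            this.username = username;
            this.claim = claim;
        }

        @Override
        public User self() {
            return self;
        }

        @Override
        public AuthenticationProvider getAuthenticationProvider() {
            return SingleSessionAuthenticationProvider.this;
        }

        /** Called when the session is no longer valid, including at logout. */
        @Override
        public void invalidate() {
            // Two-argument remove(): only the session that owns the claim can
            // release it, so a stale context never frees a newer login
            activeSessions.remove(username, claim);
        }
    }
}
```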



RE: High availability and users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Nick

> If you're asking what would have to change in order to share active connection information between two systems, that's a fairly complex task. Currently the JDBC module is the only module that implements 
> active connection tracking, and it would need to be modified such that it would synchronize information with another system/module. This would likely require some modeling of the active connections, too, 
> similar to what is done with the rest of the information in the JDBC module, since you don't actually want to synchronize the entire connection, just the record of the connection, between the two systems. 
> There's no doubt in my mind that it's doable, but I wouldn't consider it a simple task.

My question is related to when a user enters into Guacamole web application in a computer and they should not enter with their same account into another computer. I would try to change Guacamole application, question here is where I would do it? That is why I meant there are two places to do the changes: When user log in (to record log in access and ask the next time when same user access) and when user log out (delete record access to make it accessible). Is there a way to make it, using Open-Close principle (close to change, open to extension).

-Gabriel



Re: Tuning to avoid "The network connection to the Guacamole server appears unstable" message in Guacamole Web Application

Posted by Nick Couchman <ni...@gmail.com>.
On Wed, May 31, 2023 at 6:31 PM Gabriel Huerta Araujo
<hu...@globalhitss.com.invalid> wrote:
>
> Continuously I got this message when I am in Guacamole Web Application:
>
> "The network connection to the Guacamole server appears unstable" message in Guacamole Web Application
>
> Is there any tuning that can be done to overcome this problem?

There's nothing specific to Guacamole that you need to tune to help
this problem - the tuning is all on the system or network side:
* For the system running guacd and Guacamole Client, make sure that
sufficient resources are allocated and that none of the processes are
being "starved" for CPU or RAM.
* For the network, make sure that you have sufficient bandwidth
between each leg of the system - guacd <-> remote server, and client
<-> guacamole, and that latency within each of those connections is
within reasonable limits.

If you're trying to troubleshoot, test to different destinations and
see if the results are consistent or if certain destinations (networks
or servers) exhibit the issue while others do not. Use Linux's
built-in monitoring commands - top, for example - to validate system
resources. Install iftop and iotop and use those to make sure that IO
and bandwidth are reasonable and expected.

Again, all standard system and network performance tuning and
troubleshooting - nothing specific to Guacamole.

-Nick



Tuning to avoid "The network connection to the Guacamole server appears unstable" message in Guacamole Web Application

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Continuously I got this message when I am in Guacamole Web Application:

"The network connection to the Guacamole server appears unstable" message in Guacamole Web Application

Is there any tuning that can be done to overcome this problem?

-Gabriel 

RE: Guacamole REST petition to remove user session.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Ok Michael.

You are right, thanks  a lot.

It works like a charm.

-Gabriel

-----Original Message-----
From: Michael Jumper <mj...@apache.org> 
Sent: Wednesday, May 31, 2023 01:06 PM
To: user@guacamole.apache.org
Subject: Re: Guacamole REST petition to remove user session.

If using the ".../api/session" endpoint, then the token needs to be included as the "Guacamole-Token" header. Including the token within the path is a request for a resource that does not exist, and permission to access anything beneath ".../api/session" (whether or not it exists) will be denied if you don't include a valid "Guacamole-Token" header.

The endpoint for invalidating a token that includes the token in the path instead of a header is ".../api/tokens/YOUR_TOKEN_GOES_HERE".

- Mike

On 5/31/23 10:45, Gabriel Huerta Araujo wrote:
> Hi
> 
> I am executing a perl script which executes a REST DELETE to remove a user session and sends an error:
> 
> '_content' => '{"message":"Permission Denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission Denied."}},"statusCode":null,"expected":null,"type":"BAD_REQUEST"}'
> 
> What seems to be the trouble?
> 
> This is the client petition:
> 
> 'http://xx.xx.xx.xx:xxxx/guacamole/api/session/45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A' is the URL petition and 45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A is the token related to session. This needs to be encrypted? If yes how this must be done?
> 
> -Gabriel
> 


Re: Guacamole REST petition to remove user session.

Posted by Michael Jumper <mj...@apache.org>.
If using the ".../api/session" endpoint, then the token needs to be 
included as the "Guacamole-Token" header. Including the token within the 
path is a request for a resource that does not exist, and permission to 
access anything beneath ".../api/session" (whether or not it exists) 
will be denied if you don't include a valid "Guacamole-Token" header.

The endpoint for invalidating a token that includes the token in the 
path instead of a header is ".../api/tokens/YOUR_TOKEN_GOES_HERE".

- Mike

On 5/31/23 10:45, Gabriel Huerta Araujo wrote:
> Hi
> 
> I am executing a perl script which executes a REST DELETE to remove a user session and sends an error:
> 
> '_content' => '{"message":"Permission Denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission Denied."}},"statusCode":null,"expected":null,"type":"BAD_REQUEST"}'
> 
> What seems to be the trouble?
> 
> This is the client petition:
> $VAR1 = bless( {
>                   '_config' => {
>                                  'host' => 'http://xx.xx.xx.xx:xxxx',
>                                  'useragent' => bless( {
>                                                          'requests_redirectable' => [
>                                                                                       'GET',
>                                                                                       'HEAD'
>                                                                                     ],
>                                                          'protocols_allowed' => undef,
>                                                          'max_redirect' => 7,
>                                                          'max_size' => undef,
>                                                          'def_headers' => bless( {
>                                                                                    'user-agent' => 'REST::Client/281'
>                                                                                  }, 'HTTP::Headers' ),
>                                                          'send_te' => 1,
>                                                          'use_eval' => 1,
>                                                          'protocols_forbidden' => undef,
>                                                          'show_progress' => undef,
>                                                          'handlers' => {
>                                                                          'response_header' => bless( [
>                                                                                                        {
>                                                                                                          'm_media_type' => 'html',
>                                                                                                          'owner' => 'LWP::UserAgent::parse_head',
>                                                                                                          'line' => '/usr/share/perl5/LWP/UserAgent.pm:768',
>                                                                                                          'callback' => sub { "DUMMY" }
>                                                                                                        }
>                                                                                                      ], 'HTTP::Config' )
>                                                                        },
>                                                          'local_address' => undef,
>                                                          'ssl_opts' => {
>                                                                          'verify_hostname' => 1
>                                                                        },
>                                                          'timeout' => 300,
>                                                          'no_proxy' => [],
>                                                          'proxy' => {}
>                                                        }, 'LWP::UserAgent' )
>                                },
>                   '_res' => bless( {
>                                      '_headers' => bless( {
>                                                             'client-date' => 'Wed, 31 May 2023 16:46:04 GMT',
>                                                             'content-length' => '186',
>                                                             'date' => 'Wed, 31 May 2023 16:46:04 GMT',
>                                                             'client-peer' => 'xx.xx.xx.xx:xxxx',
>                                                             '::std_case' => {
>                                                                               'client-date' => 'Client-Date',
>                                                                               'client-response-num' => 'Client-Response-Num',
>                                                                               'client-peer' => 'Client-Peer'
>                                                                             },
>                                                             'content-type' => 'application/json',
>                                                             'connection' => 'close',
>                                                             'client-response-num' => 1
>                                                           }, 'HTTP::Headers' ),
>                                      '_request' => bless( {
>                                                             '_content' => '',
>                                                             '_method' => 'DELETE',
>                                                             '_headers' => bless( {
>                                                                                    'user-agent' => 'REST::Client/281',
>                                                                                    'authorization' => 'Basic Y25zc2lzdGU6VDF0NG4zcyE=
> ',
>                                                                                    'content-type' => 'application/json',
>                                                                                    'connection' => 'close',
>                                                                                    'content-length' => 0
>                                                                                  }, 'HTTP::Headers' ),
>                                                             '_uri' => bless( do{\(my $o = 'http://xx.xx.xx.xx:xxxx/guacamole/api/session/45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A')}, 'URI::http' ),
>                                                             '_uri_canonical' => $VAR1->{'_res'}{'_request'}{'_uri'}
>                                                           }, 'HTTP::Request' ),
>                                      '_content' => '{"message":"Permission Denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission Denied."}},"statusCode":null,"expected":null,"type":"BAD_REQUEST"}',
>                                      '_protocol' => 'HTTP/1.1',
>                                      '_msg' => '',
>                                      '_rc' => '403'
>                                    }, 'HTTP::Response' )
>                 }, 'REST::Client' );
> 
> 'http://xx.xx.xx.xx:xxxx/guacamole/api/session/45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A' is the URL petition and 45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A is the token related to the session. Does this need to be encrypted? If yes, how must this be done?
> 
> -Gabriel
> 


Re: Guacamole REST petition to get all user tokens.

Posted by Nick Couchman <vn...@apache.org>.
On Thu, Jun 8, 2023 at 9:12 PM Gabriel Huerta Araujo
<hu...@globalhitss.com.invalid> wrote:
>
> Hi
>
> I am executing a Perl script which executes a REST GET to get all token users and sends an error:

Looking at the code, I do not see a way to retrieve all current users
and tokens from the REST API. There is no GET method defined for the
api/tokens endpoint:

https://github.com/apache/guacamole-client/blob/master/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java

>
> '_rc' => '405',
>                                     '_headers' => bless( {
>                                                            'client-date' => 'Fri, 09 Jun 2023 00:16:20 GMT',
>                                                            'title' => 'Estado HTTP 405 – Method Not Allowed',
>
>
> What seems to be the trouble?
>

The error is exactly what it indicates - you're trying to make a GET
call to the api/tokens endpoint, and that particular endpoint does
not allow GET requests.

-Nick
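
Added example (not part of the thread or of the Guacamole code base): the exchange above, reproduced in Python against a constructed in-process stub that answers GET on api/tokens with 405 and Allow: POST,OPTIONS, as in the dump. The client reads Allow on a 405 and then obtains a token with a form-encoded POST; the stub, its credentials and token value are constructed, and the username/password form fields and authToken response field are assumptions to verify against TokenRESTService for your version.

```python
"""Added example: diagnose a 405 from api/tokens, then request a token with POST."""
import json
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values, not taken from the thread.
STUB_USER, STUB_PASS = "demo-user", "demo-pass"
STUB_TOKEN = "0" * 64
TOKENS_PATH = "/guacamole/api/tokens"

# Ignore any proxy settings so loopback requests reach the stub directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class StubTokens(BaseHTTPRequestHandler):
    """Stand-in for the api/tokens endpoint: POST only, no listing via GET."""

    def log_message(self, *args):  # keep the example quiet
        pass

    def _send(self, code, body, headers=None):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        # Same outcome as in the dump: 405, with Allow naming the valid methods.
        self._send(405, {"message": "Method Not Allowed"}, {"Allow": "POST,OPTIONS"})

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        ok = form.get("username") == [STUB_USER] and form.get("password") == [STUB_PASS]
        if self.path == TOKENS_PATH and ok:
            self._send(200, {"authToken": STUB_TOKEN, "username": STUB_USER})
        else:
            self._send(403, {"message": "Permission Denied."})


def allowed_methods(url):
    """Send GET; on 405 return the methods the server advertises in Allow."""
    try:
        with OPENER.open(url, timeout=5):
            return ["GET"]
    except urllib.error.HTTPError as err:
        if err.code != 405:
            raise
        allow = err.headers.get("Allow", "")
        return [m.strip().upper() for m in allow.split(",") if m.strip()]


def request_token(url, username, password):
    """POST form-encoded credentials; return the token, or None if refused."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with OPENER.open(req, timeout=5) as resp:
            return json.load(resp)["authToken"]
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return None
        raise


def run_demo():
    """Start the stub on a free loopback port and run the three client calls."""
    server = HTTPServer(("127.0.0.1", 0), StubTokens)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}{TOKENS_PATH}"
    try:
        return {
            "allow": allowed_methods(url),
            "token": request_token(url, STUB_USER, STUB_PASS),
            "bad": request_token(url, STUB_USER, "wrong"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Against a real deployment, point the client at an https:// URL, since both the credentials and the returned token are bearer secrets on the wire.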



Guacamole REST petition to get all user tokens.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Hi

I am executing a Perl script which executes a REST GET to get all token users and sends an error:

'_rc' => '405',
                                    '_headers' => bless( {
                                                           'client-date' => 'Fri, 09 Jun 2023 00:16:20 GMT',
                                                           'title' => 'Estado HTTP 405 – Method Not Allowed',


What seems to be the trouble?

This is the client petition:
$VAR1 = bless( {
                 '_res' => bless( {
                                    '_rc' => '405',
                                    '_content' => '<!doctype html><html lang="es"><head><title>Estado HTTP 405 – Method Not Allowed</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>Estado HTTP 405 – Method Not Allowed</h1><hr class="line" /><p><b>Tipo</b> Informe de estado</p><p><b>mensaje</b> Method Not Allowed</p><p><b>Descripción</b> El método HTTP especificado no está permitido para el recurso requerido.</p><hr class="line" /><h3>Apache Tomcat/9.0.43 (Debian)</h3></body></html>',
                                    '_msg' => '',
                                    '_request' => bless( {
                                                           '_content' => '',
                                                           '_uri' => bless( do{\(my $o = 'http://xx.xx.xx.xx:xxxx/ga/api/tokens')}, 'URI::http' ),
                                                           '_uri_canonical' => $VAR1->{'_res'}{'_request'}{'_uri'},
                                                           '_method' => 'GET',
                                                           '_headers' => bless( {
                                                                                  'content-type' => 'application/json',
                                                                                  'authorization' => 'Basic Y25zc2lzdGU6VDF0NG4zcyE=
',
                                                                                  'connection' => 'close',
                                                                                  'content-length' => 0,
                                                                                  'user-agent' => 'REST::Client/281'
                                                                                }, 'HTTP::Headers' )
                                                         }, 'HTTP::Request' ),
                                    '_protocol' => 'HTTP/1.1',
                                    '_headers' => bless( {
                                                           'client-date' => 'Fri, 09 Jun 2023 00:17:38 GMT',
                                                           'allow' => 'POST,OPTIONS',
                                                           'content-type' => 'text/html;charset=utf-8',
                                                           'title' => 'Estado HTTP 405 – Method Not Allowed',
                                                           'client-peer' => 'xx.xx.x.xxx:xxxx',
                                                           'client-response-num' => 1,
                                                           'date' => 'Fri, 09 Jun 2023 00:17:38 GMT',
                                                           'connection' => 'close',
                                                           '::std_case' => {
                                                                             'client-date' => 'Client-Date',
                                                                             'title' => 'Title',
                                                                             'client-peer' => 'Client-Peer',
                                                                             'client-response-num' => 'Client-Response-Num'
                                                                           },
                                                           'content-language' => 'es',
                                                           'content-length' => '702'
                                                         }, 'HTTP::Headers' )
                                  }, 'HTTP::Response' ),
                 '_config' => {
                                'host' => 'http://'xx.xx.x.xxx:xxxx',
                                'useragent' => bless( {
                                                        'max_size' => undef,
                                                        'max_redirect' => 7,
                                                        'def_headers' => bless( {
                                                                                  'user-agent' => 'REST::Client/281'
                                                                                }, 'HTTP::Headers' ),
                                                        'handlers' => {
                                                                        'response_header' => bless( [
                                                                                                      {
                                                                                                        'm_media_type' => 'html',
                                                                                                        'line' => '/usr/share/perl5/LWP/UserAgent.pm:768',
                                                                                                        'callback' => sub { "DUMMY" },
                                                                                                        'owner' => 'LWP::UserAgent::parse_head'
                                                                                                      }
                                                                                                    ], 'HTTP::Config' )
                                                                      },
                                                        'proxy' => {},
                                                        'no_proxy' => [],
                                                        'timeout' => 300,
                                                        'ssl_opts' => {
                                                                        'verify_hostname' => 1
                                                                      },
                                                        'protocols_forbidden' => undef,
                                                        'protocols_allowed' => undef,
                                                        'show_progress' => undef,
                                                        'local_address' => undef,
                                                        'send_te' => 1,
                                                        'requests_redirectable' => [
                                                                                     'GET',
                                                                                     'HEAD'
                                                                                   ],
                                                        'use_eval' => 1
                                                      }, 'LWP::UserAgent' )
                              }
               }, 'REST::Client' );


'http://xx.xx.xx.xx:xxxx/guacamole/ga/api/tokens' is the URL petition. 

-Gabriel


Guacamole REST petition to remove user session.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Hi

I am executing a Perl script which executes a REST DELETE to remove a user session and sends an error:

'_content' => '{"message":"Permission Denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission Denied."}},"statusCode":null,"expected":null,"type":"BAD_REQUEST"}'

What seems to be the trouble?

This is the client petition:
$VAR1 = bless( {
                 '_config' => {
                                'host' => 'http://xx.xx.xx.xx:xxxx',
                                'useragent' => bless( {
                                                        'requests_redirectable' => [
                                                                                     'GET',
                                                                                     'HEAD'
                                                                                   ],
                                                        'protocols_allowed' => undef,
                                                        'max_redirect' => 7,
                                                        'max_size' => undef,
                                                        'def_headers' => bless( {
                                                                                  'user-agent' => 'REST::Client/281'
                                                                                }, 'HTTP::Headers' ),
                                                        'send_te' => 1,
                                                        'use_eval' => 1,
                                                        'protocols_forbidden' => undef,
                                                        'show_progress' => undef,
                                                        'handlers' => {
                                                                        'response_header' => bless( [
                                                                                                      {
                                                                                                        'm_media_type' => 'html',
                                                                                                        'owner' => 'LWP::UserAgent::parse_head',
                                                                                                        'line' => '/usr/share/perl5/LWP/UserAgent.pm:768',
                                                                                                        'callback' => sub { "DUMMY" }
                                                                                                      }
                                                                                                    ], 'HTTP::Config' )
                                                                      },
                                                        'local_address' => undef,
                                                        'ssl_opts' => {
                                                                        'verify_hostname' => 1
                                                                      },
                                                        'timeout' => 300,
                                                        'no_proxy' => [],
                                                        'proxy' => {}
                                                      }, 'LWP::UserAgent' )
                              },
                 '_res' => bless( {
                                    '_headers' => bless( {
                                                           'client-date' => 'Wed, 31 May 2023 16:46:04 GMT',
                                                           'content-length' => '186',
                                                           'date' => 'Wed, 31 May 2023 16:46:04 GMT',
                                                           'client-peer' => 'xx.xx.xx.xx:xxxx',
                                                           '::std_case' => {
                                                                             'client-date' => 'Client-Date',
                                                                             'client-response-num' => 'Client-Response-Num',
                                                                             'client-peer' => 'Client-Peer'
                                                                           },
                                                           'content-type' => 'application/json',
                                                           'connection' => 'close',
                                                           'client-response-num' => 1
                                                         }, 'HTTP::Headers' ),
                                    '_request' => bless( {
                                                           '_content' => '',
                                                           '_method' => 'DELETE',
                                                           '_headers' => bless( {
                                                                                  'user-agent' => 'REST::Client/281',
                                                                                  'authorization' => 'Basic Y25zc2lzdGU6VDF0NG4zcyE=
',
                                                                                  'content-type' => 'application/json',
                                                                                  'connection' => 'close',
                                                                                  'content-length' => 0
                                                                                }, 'HTTP::Headers' ),
                                                           '_uri' => bless( do{\(my $o = 'http://xx.xx.xx.xx:xxxx/guacamole/api/session/45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A')}, 'URI::http' ),
                                                           '_uri_canonical' => $VAR1->{'_res'}{'_request'}{'_uri'}
                                                         }, 'HTTP::Request' ),
                                    '_content' => '{"message":"Permission Denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission Denied."}},"statusCode":null,"expected":null,"type":"BAD_REQUEST"}',
                                    '_protocol' => 'HTTP/1.1',
                                    '_msg' => '',
                                    '_rc' => '403'
                                  }, 'HTTP::Response' )
               }, 'REST::Client' );

'http://xx.xx.xx.xx:xxxx/guacamole/api/session/45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A' is the URL petition and 45479416E12A8470BCF0ACAA155D5CED9DD4F7860FE31CB84104B78BC896851A is the token related to the session. Does this need to be encrypted? If yes, how must this be done?

-Gabriel

RE: Guacamole option where all logged users are shown.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
>
> Another question:
>
> 3.- There is a requirement to create a Guacamole option where all users are shown, mainly those who are logged in, and an option where, when I select one or several users, I can log them out of the Guacamole web application. What is your recommendation? Is this possible? Could I add this functionality to the Guacamole application?

> Yes, this is possible - it should be relatively easy to put another page in the Settings section, for example, that lists logged in users, similar to how active connections are listed. I would think that just looking at the current tokens within the authentication system would provide this detail.


In the settingsSessions.html file there is a variable called activeConnection; what is its counterpart to manage auth tokens in the JS code? Or how is a user related to their auth token?

-Gabriel


Guacamole option where all logged users are shown.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
>
> Another question:
>
> 3.- There is a requirement to create a Guacamole option where all users are shown, mainly those who are logged in, and an option where, when I select one or several users, I can log them out of the Guacamole web application. What is your recommendation? Is this possible? Could I add this functionality to the Guacamole application?

> Yes, this is possible - it should be relatively easy to put another page in the Settings section, for example, that lists logged in users, similar to how active connections are listed. I would think that just looking at the current tokens within the authentication system would provide this detail.


In the settingsSessions.html file there is a variable called activeConnection; what is its counterpart to manage auth tokens in the JS code?

-Gabriel


Re: High availability and users can connect only once to Guacamole Client page.

Posted by Nick Couchman <vn...@apache.org>.
On Fri, Apr 28, 2023 at 8:00 PM Gabriel Huerta Araujo
<hu...@globalhitss.com.invalid> wrote:
>
> Ok Nick
>
> My feedback
>
> 1.- About concurrent sessions, I think this should not be shareable. Is it necessary to use non-shareable connections to be able to use the load balancer? How do I differentiate between them (shareable vs not shareable)? Or how can I configure them?
>

You can use shareable connections, you just have to be aware that, if
people try to share them, unexpected things might happen when
Guacamole is behind a load balancer. If you don't create shared
connections, you won't face this issue.

In order to create shared connections, you need to create a sharing
profile - if you're not creating a sharing profile, users cannot share
connections (except administrative access to connections, which is
always enabled, but will also produce unexpected results).

> 2.- If I intend to implement a solution, where is the place to do it? I mean there are two places to make the changes: when the user logs in (to record the login access and ask the next time the same user accesses) and when the user logs out (delete the access record to make it accessible). Is there a way to do it using the Open-Closed principle (closed to change, open to extension)?

If you're asking what would have to change in order to share active
connection information between two systems, that's a fairly complex
task. Currently the JDBC module is the only module that implements
active connection tracking, and it would need to be modified such that
it would synchronize information with another system/module. This
would likely require some modeling of the active connections, too,
similar to what is done with the rest of the information in the JDBC
module, since you don't actually want to synchronize the entire
connection, just the record of the connection, between the two
systems. There's no doubt in my mind that it's doable, but I wouldn't
consider it a simple task.

>
> Another question:
>
> 3.- There is a requirement to create a Guacamole option where all users are shown, mainly those who are logged in, and an option where, when I select one or several users, I can log them out of the Guacamole web application. What is your recommendation? Is this possible? Could I add this functionality to the Guacamole application?

Yes, this is possible - it should be relatively easy to put another
page in the Settings section, for example, that lists logged in users,
similar to how active connections are listed. I would think that just
looking at the current tokens within the authentication system would
provide this detail.

-Nick



RE: High availability and users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Ok Nick

My feedback

1.- About concurrent sessions, I think this should not be shareable. Is it necessary to use non-shareable connections to be able to use the load balancer? How do I differentiate between them (shareable vs not shareable)? Or how can I configure them?

2.- If I intend to implement a solution, where is the place to do it? I mean there are two places to make the changes: when the user logs in (to record the login access and ask the next time the same user accesses) and when the user logs out (delete the access record to make it accessible). Is there a way to do it using the Open-Closed principle (closed to change, open to extension)?

Another question:

3.- There is a requirement to create a Guacamole option where all users are shown, mainly those who are logged in, and an option where, when I select one or several users, I can log them out of the Guacamole web application. What is your recommendation? Is this possible? Could I add this functionality to the Guacamole application?

-Gabriel

-----Original Message-----
From: Nick Couchman <vn...@apache.org>
Sent: Friday, April 28, 2023 01:58 PM
To: user@guacamole.apache.org
Subject: Re: High availability and users can connect only once to Guacamole Client page.

On Wed, Apr 26, 2023 at 9:52 PM Gabriel Huerta Araujo <hu...@globalhitss.com.invalid> wrote:
>
> Hi all
>
> I have 2 doubts:
>
> 1.- Guacamole is going to be installed on two servers. Is there a way to manage a high availability scheme (if one is out, the backup server automatically enters)?

There is currently no way to synchronize active sessions or logins between two servers. You can certainly put the servers behind a load balancer, and send sessions to multiple servers, but there is currently no way for one server to know about sessions on the other server. There are two areas where this may impact things, depending on how you use Guacamole:
1. If you use Guacamole to limit the number of concurrent sessions for a connection, but you have multiple servers sharing those connections, the concurrency limits won't be accurate. So, for example if you have a connection that you limit to 10 concurrent connections, and you have 2 Guacamole Client servers, you could conceivably have up to 20 connections - 10 on each server.
2. If you use connection sharing, you'll likely have problems with the shared links being invalid. A user may start up a connection on Server1, share the connection, and then send out the link, and the person who is joining the shared connection may be directed by the load balancer to Server2, instead.

If you don't care about connection concurrency limits and don't share connections, then it probably won't impact you and you'll be okay using load balancers.

> 2.- If a user accessed the Guacamole page with an account, he cannot access the Guacamole page with the same account via another computer?
>

There's not really any way to prevent a user from logging in from more than one computer - at least, not the way it is currently implemented.
There are several default concurrency limits you can put in place, but nothing that says, "If a user logs in from the IP address, don't allow them to log in from anywhere else."

https://guacamole.apache.org/doc/gug/jdbc-auth.html#concurrent-use-of-guacamole-connections

-Nick


Re: High availability and users can connect only once to Guacamole Client page.

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Apr 26, 2023 at 9:52 PM Gabriel Huerta Araujo
<hu...@globalhitss.com.invalid> wrote:
>
> Hi all
>
> I have 2 doubts:
>
> 1.- Guacamole is going to be installed on two servers. Is there a way to manage a high availability scheme (if one is out, the backup server automatically enters)?

There is currently no way to synchronize active sessions or logins
between two servers. You can certainly put the servers behind a load
balancer, and send sessions to multiple servers, but there is
currently no way for one server to know about sessions on the other
server. There are two areas where this may impact things, depending on
how you use Guacamole:
1. If you use Guacamole to limit the number of concurrent sessions for
a connection, but you have multiple servers sharing those connections,
the concurrency limits won't be accurate. So, for example if you have
a connection that you limit to 10 concurrent connections, and you have
2 Guacamole Client servers, you could conceivably have up to 20
connections - 10 on each server.
2. If you use connection sharing, you'll likely have problems with the
shared links being invalid. A user may start up a connection on
Server1, share the connection, and then send out the link, and the
person who is joining the shared connection may be directed by the
load balancer to Server2, instead.

If you don't care about connection concurrency limits and don't share
connections, then it probably won't impact you and you'll be okay
using load balancers.

> 2.- If a user accessed the Guacamole page with an account, he cannot access the Guacamole page with the same account via another computer?
>

There's not really any way to prevent a user from logging in from more
than one computer - at least, not the way it is currently implemented.
There are several default concurrency limits you can put in place, but
nothing that says, "If a user logs in from the IP address, don't allow
them to log in from anywhere else."

https://guacamole.apache.org/doc/gug/jdbc-auth.html#concurrent-use-of-guacamole-connections

-Nick



High availability and users can connect only once to Guacamole Client page.

Posted by Gabriel Huerta Araujo <hu...@globalhitss.com.INVALID>.
Hi all

I have 2 doubts:

1.- Guacamole is going to be installed on two servers. Is there a way to manage a high availability scheme (if one is out, the backup server automatically enters)?
2.- If a user accessed the Guacamole page with an account, he cannot access the Guacamole page with the same account via another computer?

Gabriel




Re: Video streaming performance

Posted by Nick Couchman <vn...@apache.org>.
On Fri, Apr 14, 2023 at 9:39 AM Rezk Mekhael <re...@gmail.com> wrote:
>
> Hi team,
>
> Video streaming over rdp is slow. What is the best rdp session setup to help streaming?
>

You'll likely need to look at various resources between the different
"legs" of connections between your client system and the RDP server to
see where the bottleneck is. Guacamole, particularly guacd,
automatically adjusts performance characteristics of the connections
based on various metrics, so, if there's a bottleneck it may cause
guacd to adjust these performance characteristics to keep up with the
connection, which may include dropping frames or sending lower-quality
images.

-Nick
