You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by "Bime, Kerman K. (GSFC-606.2)[InuTeq, LLC]" <ke...@nasa.gov> on 2018/07/30 19:19:06 UTC

Http Header Auth

To whom it may concern,

Could you provide more information on configuring guacamole.properties for HTTP Header Authentication. The manual/documentation essentially just says to drop the jar file in GUAC_Home/extensions.

I understand that this needs to be layered on top of a db like MySql (which I have setup), however it does't provide more info that. For the lay person, i would like some sort of direction of how to configure that portion. Also, any info besides how to configure and more on what information I need to give guacamole.properties to make it http auth work would be great.

Cheers,

Kerman

Re: Http Header Auth

Posted by Nick Couchman <vn...@apache.org>.

On Mon, Jul 30, 2018 at 3:19 PM Bime, Kerman K. (GSFC-606.2)[InuTeq, LLC] <
kerman.k.bime@nasa.gov> wrote:

> To whom it may concern,
>
>
>
> Could you provide more information on configuring guacamole.properties for
> HTTP Header Authentication. The manual/documentation essentially just says
> to drop the jar file in GUAC_Home/extensions.
>

Yes, and reload Tomcat or the re-deploy the Guacamole WAR file.  The only
thing to configure within Guacamole is if you want to change the header
that's used to something other than REMOTE_USER, you can set that, as well.

Other than that, you also have to set up your web server to provide that
authentication - you can do this in Tomcat (or your Java Application Server
- Jetty, JBOSS, etc.), or you can do it on an upstream reverse proxy
server, like Nginx or Apache httpd.  You can find examples of how to
configure this for Nginx at the following page:

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

>
>
> I understand that this needs to be layered on top of a db like MySql
> (which I have setup), however it does’t provide more info that. For the lay
> person, i would like some sort of direction of how to configure that
> portion. Also, any info besides how to configure and more on what
> information I need to give guacamole.properties to make it http auth work
> would be great.
>
>
>

You'll basically want to take a look at the chapter on JDBC configuration
and configure that.  Layering the modules does not require anything
special, per se - you install and configure each of the modules, and the
"layering" happens automatically.  It is done via username, so if the
username of your user logged in via the HTTP header module matches one
present in the JDBC module, the permissions in the JDBC module will be
assigned to that user.  You might find the following section helpful - it
deals with LDAP + JDBC, but really applies anything, including Header auth,
plus JDBC:

http://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database

Feel free to post back if you have additional questions!

-Nick