You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Victor Norman <vt...@calvin.edu> on 2020/06/19 14:27:48 UTC

api/tokens error when using auth-noauth on guacmole 0.9.9

A little background: my goal was to move our project showcase system from

Ubuntu 16.04, tomcat7, guacamole 0.9.9 with auth-noauth,  to

Ubuntu 20.04, tomcat9, guacamole 1.1.0 (at least) with auth header-auth.

However, we're finding there are just too many changes to do all of this at once.

So, now the plan is to just take the existing system -- guacamole 0.9.9 with auth-noauth -- and move it to Ubuntu 20.04 -- changing as little as possible to get it working... except, tomcat7 must be replaced by tomcat9.

I have the new system set up, and everything *looks* good, but when I go to the main page (http://agora.cs.calvin.edu:8080), it does not take me to my home page but, after a bit of delay, to the login page.  Looking at the console logs, I see this:

POST http://agora2004.cs.calvin.edu:8080/agora/api/tokens 403

I don't know if that really is the problem, but I don't see that on my old server on Ubuntu 16.04.

When I drill down on that error, I see this:


     *
     *
Request URL:
http://agora2004.cs.calvin.edu:8080/agora/api/tokens
     *
Request Method:
POST
     *
Status Code:
403
     *
Remote Address:
153.106.195.16:8080
     *
Referrer Policy:
no-referrer-when-downgrade
  1.  Response Headersview source
     *
Connection:
keep-alive
     *
Content-Type:
application/json
     *
Date:
Fri, 19 Jun 2020 14:15:14 GMT
     *
Keep-Alive:
timeout=20
     *
Transfer-Encoding:
chunked
  2.  Request Headersview source
     *
Accept:
application/json, text/plain, */*
     *
Accept-Encoding:
gzip, deflate
     *
Accept-Language:
en-US,en;q=0.9
     *
Cache-Control:
no-cache
     *
Connection:
keep-alive
     *
Content-Length:
0
     *
Content-Type:
application/x-www-form-urlencoded
     *
Cookie:
JSESSIONID=0A776B90C0F6F15BED7FB7B82D917B40; JSESSIONID=2267FCDCA11585C196863C27E9E7F6C6
     *
DNT:
1
     *
Host:
agora2004.cs.calvin.edu:8080
     *
Origin:
http://agora2004.cs.calvin.edu:8080
     *
Pragma:
no-cache
     *
Referer:
http://agora2004.cs.calvin.edu:8080/agora/
     *
User-Agent:
Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36

I wonder if the guac auth-noauth is actually being used or not?  It seems to be configured correctly, with correct file permissions, etc.  But, there are no log messages to indicate it is being loaded, etc. -- even on the old system there are no log messages about auth-noauth being used -- but it is.

I wonder if there is just a directory that does not have the correct permissions?  Or is there a tomcat9 configuration option I'm missing?

Any ideas on what might be wrong or how to further debug this?  Help!


Prof. Victor Norman
Computer Science
Calvin College University
vtn2@calvin.edu<ma...@calvin.edu>
-----
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint Exupéry

Re: api/tokens error when using auth-noauth on guacmole 0.9.9

Posted by ivanmarcus <iv...@yahoo.com.INVALID>.

Victor,


Noauth was removed from Guacamole 1.0.0 onwards, so the short answer is 
that it won't work.


However you're not the only person that's wanted a similar mechanism, 
there have been a few such requests and suggestions of how to best 
achieve something similar within a particular environment. This forum 
post may give you some further information:


http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Running-guacamole-inside-of-a-secured-environment-td7922.html


I seem to recall other discussions so a trawl through the list may be 
worthwhile.


As a complete aside I like your quotation from Antoine de Saint Exupï¿½ry 
and was reminded of not dis-similar lines from Michelango Buonarroti a 
few hundred years prior. I expect you've read some of his literature, 
but if not I thoroughly recommend it - incl his madrigals.


On 20/06/2020 2:27 a.m., Victor Norman wrote:
> A little background: my goal was to move our project showcase system from
>
> Ubuntu 16.04, tomcat7, guacamole 0.9.9 with auth-noauth, to
>
> Ubuntu 20.04, tomcat9, guacamole 1.1.0 (at least) with auth header-auth.
>
> However, we're finding there are just too many changes to do all of 
> this at once.
>
> So, now the plan is to just take the existing system -- guacamole 
> 0.9.9 with auth-noauth -- and move it to Ubuntu 20.04 -- changing as 
> little as possible to get it working... except, tomcat7 must be 
> replaced by tomcat9.
>
> I have the new system set up, and everything *looks* good, but when I 
> go to the main page (http://agora.cs.calvin.edu:8080), it does not 
> take me to my home page but, after a bit of delay, to the login page. 
> Looking at the console logs, I see this:
>
> POST http://agora2004.cs.calvin.edu:8080/agora/api/tokens 403
>
> I don't know if that really is the problem, but I don't see that on my 
> old server on Ubuntu 16.04.
>
> When I drill down on that error, I see this:
>
>     1.
>
>
>     2.
>         Request URL:
>         http://agora2004.cs.calvin.edu:8080/agora/api/tokens
>     3.
>         Request Method:
>         POST
>     4.
>         Status Code:
>         403
>     5.
>         Remote Address:
>         153.106.195.16:8080
>     6.
>         Referrer Policy:
>         no-referrer-when-downgrade
>  1. Response Headersview source
>     1.
>         Connection:
>         keep-alive
>     2.
>         Content-Type:
>         application/json
>     3.
>         Date:
>         Fri, 19 Jun 2020 14:15:14 GMT
>     4.
>         Keep-Alive:
>         timeout=20
>     5.
>         Transfer-Encoding:
>         chunked
>  2. Request Headersview source
>     1.
>         Accept:
>         application/json, text/plain, */*
>     2.
>         Accept-Encoding:
>         gzip, deflate
>     3.
>         Accept-Language:
>         en-US,en;q=0.9
>     4.
>         Cache-Control:
>         no-cache
>     5.
>         Connection:
>         keep-alive
>     6.
>         Content-Length:
>         0
>     7.
>         Content-Type:
>         application/x-www-form-urlencoded
>     8.
>         Cookie:
>         JSESSIONID=0A776B90C0F6F15BED7FB7B82D917B40;
>         JSESSIONID=2267FCDCA11585C196863C27E9E7F6C6
>     9.
>         DNT:
>         1
>    10.
>         Host:
>         agora2004.cs.calvin.edu:8080
>    11.
>         Origin:
>         http://agora2004.cs.calvin.edu:8080
>    12.
>         Pragma:
>         no-cache
>    13.
>         Referer:
>         http://agora2004.cs.calvin.edu:8080/agora/
>    14.
>         User-Agent:
>         Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N)
>         AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106
>         Mobile Safari/537.36
>
>
> I wonder if the guac auth-noauth is actually being used or not?  It 
> seems to be configured correctly, with correct file permissions, etc.  
> But, there are no log messages to indicate it is being loaded, etc. -- 
> even on the old system there are no log messages about auth-noauth 
> being used -- but it is.
>
> I wonder if there is just a directory that does not have the correct 
> permissions?  Or is there a tomcat9 configuration option I'm missing?
>
> Any ideas on what might be wrong or how to further debug this?  Help!
>
> Prof. Victor Norman
> Computer Science
> Calvin College University
> vtn2@calvin.edu <ma...@calvin.edu>
> -----
> "A designer knows he has achieved perfection not when there is nothing 
> left to add, but when there is nothing left to take away." -- Antoine 
> de Saint Exupï¿½ry
>
>