You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Philipp Zeitschel <ph...@zeitschel.net.INVALID> on 2022/09/01 05:49:30 UTC

AW: authToken

Hi Sean,

 

thanks for the answer.

Your examples create a token and in the second steps deletes the token

But how can i use the token to bypass the authentification on the default guacamole web app?

 

I want to use the guacamole json auth plugin with the default guacamole web app but the documentation does only tell how to retrief a token, not what to do with it

 

Regards

 

Philipp

 

Von: Sean Hulbert <sh...@securitycentric.net.INVALID> 
Gesendet: Mittwoch, 31. August 2022 22:29
An: user@guacamole.apache.org
Betreff: RE: authToken

 

You can try

 

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=username&password=password' https://URLHERE

 

curl -X DELETE https://GuacamoleServer:8080/Guacamole/api/tokens/1A065A4E9D59753CD427A03F8C861B6D68B5CC245A75436707C66C234F8215E3

 

 

Thank You

Sean Hulbert

 

Founder / CEO

Work Ph: 925.663.5565

 

Security Centric Inc.

A Cybersecurity Enablement Company

We don't just run you through the motions, Our labs teach you how to think!

 

 

 

System Award Management

CAGE: 8AUV4

 

AFCEA San Francisco Chapter V.P.

 

If you have heard of a hacker by name, he/she has failed, fear the hacker you haven’t heard of!

 

CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication. Content within this email communication is not legally binding as a contract and no promises are guaranteed unless in a formal contract outside this email communication.

 

igitur qui desiderat pacem, praeparet bellum!!!

Epitoma Rei Militaris

 

From: Philipp Zeitschel [mailto:philipp@zeitschel.net.INVALID] 
Sent: Wednesday, August 31, 2022 1:11 PM
To: user@guacamole.apache.org <ma...@guacamole.apache.org> 
Subject: authToken

 

Hi,

i've requested an authToken via /api/tokens:

{"authToken":"54808533B1CCE7176838021B9CDD87583B04C67A9E1476A4621D453DA7F4A4AF","username":"blub","dataSource":"json","availableDataSources":["mysql","mysql-shared","json"]} 

i could manually inject it into the webapp:

localStorage.setItem('GUAC_AUTH', '{"authToken":"54808533B1CCE7176838021B9CDD87583B04C67A9E1476A4621D453DA7F4A4AF","username":"blub","dataSource":"json","availableDataSources":["mysql","mysql-shared","json"]}') 

what is the correct way to request an authToken and then redirect a User to the guacamole-client to establish an connection?

regards

Philipp