You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Philipp Zeitschel <ph...@zeitschel.net.INVALID> on 2022/09/01 05:49:30 UTC
AW: authToken
Hi Sean,
thanks for the answer.
Your examples create a token and in the second steps deletes the token
But how can i use the token to bypass the authentification on the default guacamole web app?
I want to use the guacamole json auth plugin with the default guacamole web app but the documentation does only tell how to retrief a token, not what to do with it
Regards
Philipp
Von: Sean Hulbert <sh...@securitycentric.net.INVALID>
Gesendet: Mittwoch, 31. August 2022 22:29
An: user@guacamole.apache.org
Betreff: RE: authToken
You can try
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=username&password=password' https://URLHERE
curl -X DELETE https://GuacamoleServer:8080/Guacamole/api/tokens/1A065A4E9D59753CD427A03F8C861B6D68B5CC245A75436707C66C234F8215E3
Thank You
Sean Hulbert
Founder / CEO
Work Ph: 925.663.5565
Security Centric Inc.
A Cybersecurity Enablement Company
We don't just run you through the motions, Our labs teach you how to think!
System Award Management
CAGE: 8AUV4
AFCEA San Francisco Chapter V.P.
If you have heard of a hacker by name, he/she has failed, fear the hacker you haven’t heard of!
CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication. Content within this email communication is not legally binding as a contract and no promises are guaranteed unless in a formal contract outside this email communication.
igitur qui desiderat pacem, praeparet bellum!!!
Epitoma Rei Militaris
From: Philipp Zeitschel [mailto:philipp@zeitschel.net.INVALID]
Sent: Wednesday, August 31, 2022 1:11 PM
To: user@guacamole.apache.org <ma...@guacamole.apache.org>
Subject: authToken
Hi,
i've requested an authToken via /api/tokens:
{"authToken":"54808533B1CCE7176838021B9CDD87583B04C67A9E1476A4621D453DA7F4A4AF","username":"blub","dataSource":"json","availableDataSources":["mysql","mysql-shared","json"]}
i could manually inject it into the webapp:
localStorage.setItem('GUAC_AUTH', '{"authToken":"54808533B1CCE7176838021B9CDD87583B04C67A9E1476A4621D453DA7F4A4AF","username":"blub","dataSource":"json","availableDataSources":["mysql","mysql-shared","json"]}')
what is the correct way to request an authToken and then redirect a User to the guacamole-client to establish an connection?
regards
Philipp