You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Iker Ibarguren Berasaluze <ii...@pasaia.net> on 2016/05/25 06:51:41 UTC
External link to a connection
Hi,
We have an intranet where I want to print the direct url to a connection for a user. I mean, if in my intranet I´m reading user1 profile, I want to append a button witch can be clicked in order to control this machine directly. I tried accessing guacamole mysql data but there is no the necesary info to get the url.
Is there any way to do this?
Thanks in advance
Re: External link to a connection
Posted by Iker Ibarguren Berasaluze <ii...@pasaia.net>.
Thanks!
It works perfect!
Igorlea: "Mike Jumper" <mi...@guac-dev.org>
Hartzailea: "user" <us...@guacamole.incubator.apache.org>
Bidalita: 2016(e)ko Maiatzak 25, Asteazkena 21:05:41
Gaia: Re: External link to a connection
On Tue, May 24, 2016 at 11:51 PM, Iker Ibarguren Berasaluze < iibarguren@pasaia.net > wrote:
Hi,
We have an intranet where I want to print the direct url to a connection for a user. I mean, if in my intranet I´m reading user1 profile, I want to append a button witch can be clicked in order to control this machine directly. I tried accessing guacamole mysql data but there is no the necesary info to get the url.
Is there any way to do this?
The necessary information is indeed there - you just need to know how to generate the URL. The base64 bit after ".../guacamole/client/" in the URL of a connection is built from the following information:
1. The connection identifier (in MySQL / PostgreSQL, this will be the connection ID)
2. The type ("c" for connections and "g" for balancing groups)
3. The identifier of the auth provider storing the connection data (usually "postgresql", "mysql", or "ldap" - in your case the correct value would be "mysql")
Each of these components separated from the other by a single NULL character (U+0000), with the resulting string encoded with base64.
For example, "NQBjAHBvc3RncmVzcWw=", a valid base64 string taken from an actual Guacamole deployment, decodes to:
$ echo 'NQBjAHBvc3RncmVzcWw=' | base64 -d | xxd
0000000: 3500 6300 706f 7374 6772 6573 716c 5.c.postgresql
$
"5" being the connection identifier, "c" indicating that this is a connection and not a group, and "postgresql" representing the auth provider (PostgreSQL). Within the Guacamole web application, this string is generated within JavaScript by the "ClientIdentifier" class using "ClientIdentifier.toString()" function:
https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/navigation/types/ClientIdentifier.js#L99-L119
The base64 identifier actually only has meaning to the JavaScript code - it is decoded and parsed out into its individual components prior to making the request to open the tunnel, at which point these values are included as normal HTTP parameters:
https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L428-L435
https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L153-L216
The easiest way to obtain this string would be to simply copy it from the URL of the connection from within the Guacamole interface, but you can also use the above algorithm to generate it yourself.
Note that this does not bypass authentication - the users will still need to authenticate with Guacamole to gain access to any connection, even if they know the URL ahead of time.
If you would rather that users login to your existing application only, the proper way to achieve this is to integrate Guacamole into that application using an extension (such that Guacamole can validate the user's authenticated status and pull their data, without prompting them again for credentials). Avoid the temptation to disable Guacamole's authentication entirely; it may seem simpler, but it is an EXTREMELY bad idea.
Hope this helps,
- Mike
Re: External link to a connection
Posted by Mike Jumper <mi...@guac-dev.org>.
On Tue, May 24, 2016 at 11:51 PM, Iker Ibarguren Berasaluze <
iibarguren@pasaia.net> wrote:
> Hi,
> We have an intranet where I want to print the direct url to a connection
> for a user. I mean, if in my intranet I´m reading user1 profile, I want to
> append a button witch can be clicked in order to control this machine
> directly. I tried accessing guacamole mysql data but there is no the
> necesary info to get the url.
>
> Is there any way to do this?
>
The necessary information is indeed there - you just need to know how to
generate the URL. The base64 bit after ".../guacamole/client/" in the URL
of a connection is built from the following information:
1. The connection identifier (in MySQL / PostgreSQL, this will be the
connection ID)
2. The type ("c" for connections and "g" for balancing groups)
3. The identifier of the auth provider storing the connection data (usually
"postgresql", "mysql", or "ldap" - in your case the correct value would be
"mysql")
Each of these components separated from the other by a single NULL
character (U+0000), with the resulting string encoded with base64.
For example, "NQBjAHBvc3RncmVzcWw=", a valid base64 string taken from an
actual Guacamole deployment, decodes to:
$ echo 'NQBjAHBvc3RncmVzcWw=' | base64 -d | xxd
0000000: 3500 6300 706f 7374 6772 6573 716c 5.c.postgresql
$
"5" being the connection identifier, "c" indicating that this is a
connection and not a group, and "postgresql" representing the auth provider
(PostgreSQL). Within the Guacamole web application, this string is
generated within JavaScript by the "ClientIdentifier" class using
"ClientIdentifier.toString()" function:
https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/navigation/types/ClientIdentifier.js#L99-L119
The base64 identifier actually only has meaning to the JavaScript code - it
is decoded and parsed out into its individual components prior to making
the request to open the tunnel, at which point these values are included as
normal HTTP parameters:
https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L428-L435
https://github.com/apache/incubator-guacamole-client/blob/0.9.9/guacamole/src/main/webapp/app/client/types/ManagedClient.js#L153-L216
The easiest way to obtain this string would be to simply copy it from the
URL of the connection from within the Guacamole interface, but you can also
use the above algorithm to generate it yourself.
Note that this does not bypass authentication - the users will still need
to authenticate with Guacamole to gain access to any connection, even if
they know the URL ahead of time.
If you would rather that users login to your existing application only, the
proper way to achieve this is to integrate Guacamole into that application
using an extension (such that Guacamole can validate the user's
authenticated status and pull their data, without prompting them again for
credentials). Avoid the temptation to disable Guacamole's authentication
entirely; it may seem simpler, but it is an EXTREMELY bad idea.
Hope this helps,
- Mike