[
https://issues.apache.org/jira/browse/GUACAMOLE-1673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philipp Zeitschel updated GUACAMOLE-1673:
-----------------------------------------
Description:
Hi,
the extension auth json is available within the official docker container.
But there is no documention how to set the json-secret-key
i tried it like this:
{code:java}
-e JSON_SECRET_KEY={code}
and i can see that it gets loaded:
{code:java}
14:46:05.917 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule -
Extension "Encrypted JSON Authentication" (json) loaded.{code}
but if i try to use it:
{code:java}
ironsrv ~ # curl --data-urlencode "data=$(cat encrypted)"
https://remote.z.lab/api/tokens | jq .
{
"message": "Invalid login.",
"translatableMessage": {
"key": "APP.TEXT_UNTRANSLATED",
"variables": {
"MESSAGE": "Invalid login."
}
},
"statusCode": null,
"expected": [
{
"name": "id_token",
"type": "REDIRECT",
"redirectUrl":
"https://xxxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=47s3kljajr5v7mrku8luip8mlt";,
"translatableMessage": {
"key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
"variables": null
}
}
],
"type": "INVALID_CREDENTIALS"
}
{code}
but i can see that the environmentvariable is correct, because i can find it in
the generated guacamole.properties
{code:java}
ironsrv ~ # cat
/var/lib/docker/overlay2/b7bf66c82263776e0c37d597f76eaf7c4e337ae8842b98a7906b1f44aac5fa74/merged/home/guacamole/.guacamole/guacamole.properties
# guacamole.properties - generated Tue Aug 30 04:01:35 PM UTC 2022
guacd-hostname: 172.17.0.4
guacd-port: 4822
mysql-username: root
mysql-password: xxxx
mysql-database: guacamole
mysql-hostname: 172.17.0.5
mysql-port: 3306
openid-authorization-endpoint: https://xxx/realms/z/protocol/openid-connect/auth
openid-jwks-endpoint: https://xxx/realms/z/protocol/openid-connect/certs
openid-issuer: https://xxx/realms/z
openid-client-id: guacamole
openid-redirect-uri: https://remote.z.lab
openid-username-claim-type: preferred_username
json-secret-key: dfdd084deb513283a34f622de928746 {code}
seems like it uses the configured openid authorization, thats why i tried to
start the container only with -e JSON_SECRECT_KEY:
{code:java}
docker run --restart unless-stopped --name guacamole --link guacd:guacd -e
JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080
guacamole/guacamole{code}
but then i get
{code:java}
FATAL: No authentication configured{code}
so i think the startupscript that generates the guacamole.properties just needs
a little correction, but i can't find the repository where the Docker Container
is maintained. If it is a simple bash script i could correct it on my own and
send a PR
regards
was:
Hi,
the extension auth json is available within the official docker container.
But there is no documention how to set the json-secret-key
i tried it like this:
{code:java}
-e JSON_SECRET_KEY={code}
and i can see that it gets loaded:
{code:java}
14:46:05.917 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule -
Extension "Encrypted JSON Authentication" (json) loaded.{code}
but if i try to use it:
i
{code:java}
ronsrv ~ # curl --data-urlencode "data=$(cat encrypted)"
https://remote.z.lab/api/tokens | jq .
{
"message": "Invalid login.",
"translatableMessage": {
"key": "APP.TEXT_UNTRANSLATED",
"variables": {
"MESSAGE": "Invalid login."
}
},
"statusCode": null,
"expected": [
{
"name": "id_token",
"type": "REDIRECT",
"redirectUrl":
"https://xxxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=47s3kljajr5v7mrku8luip8mlt";,
"translatableMessage": {
"key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
"variables": null
}
}
],
"type": "INVALID_CREDENTIALS"
}
{code}
seems like it uses the configured openid authorization, thats why i tried to
start the container only with -e JSON_SECRECT_KEY:
{code:java}
docker run --restart unless-stopped --name guacamole --link guacd:guacd -e
JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080
guacamole/guacamole{code}
but then i get
{code:java}
FATAL: No authentication configured{code}
so i think that the environment parameter is not correct.
what is the correct parameter to use the integrated json extension?
regards
Issue Type: Bug (was: Improvement)
Priority: Major (was: Minor)
> Docker Documentaion
> -------------------
>
> Key: GUACAMOLE-1673
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1673
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-json
> Affects Versions: 1.4.0
> Reporter: Philipp Zeitschel
> Priority: Major
>
> Hi,
> the extension auth json is available within the official docker container.
> But there is no documention how to set the json-secret-key
> i tried it like this:
> {code:java}
> -e JSON_SECRET_KEY={code}
> and i can see that it gets loaded:
> {code:java}
> 14:46:05.917 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule -
> Extension "Encrypted JSON Authentication" (json) loaded.{code}
> but if i try to use it:
> {code:java}
> ironsrv ~ # curl --data-urlencode "data=$(cat encrypted)"
> https://remote.z.lab/api/tokens | jq .
> {
> "message": "Invalid login.",
> "translatableMessage": {
> "key": "APP.TEXT_UNTRANSLATED",
> "variables": {
> "MESSAGE": "Invalid login."
> }
> },
> "statusCode": null,
> "expected": [
> {
> "name": "id_token",
> "type": "REDIRECT",
> "redirectUrl":
> "https://xxxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=47s3kljajr5v7mrku8luip8mlt";,
> "translatableMessage": {
> "key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
> "variables": null
> }
> }
> ],
> "type": "INVALID_CREDENTIALS"
> }
>
> {code}
> but i can see that the environmentvariable is correct, because i can find it
> in the generated guacamole.properties
> {code:java}
> ironsrv ~ # cat
> /var/lib/docker/overlay2/b7bf66c82263776e0c37d597f76eaf7c4e337ae8842b98a7906b1f44aac5fa74/merged/home/guacamole/.guacamole/guacamole.properties
> # guacamole.properties - generated Tue Aug 30 04:01:35 PM UTC 2022
> guacd-hostname: 172.17.0.4
> guacd-port: 4822
> mysql-username: root
> mysql-password: xxxx
> mysql-database: guacamole
> mysql-hostname: 172.17.0.5
> mysql-port: 3306
> openid-authorization-endpoint:
> https://xxx/realms/z/protocol/openid-connect/auth
> openid-jwks-endpoint: https://xxx/realms/z/protocol/openid-connect/certs
> openid-issuer: https://xxx/realms/z
> openid-client-id: guacamole
> openid-redirect-uri: https://remote.z.lab
> openid-username-claim-type: preferred_username
> json-secret-key: dfdd084deb513283a34f622de928746 {code}
>
> seems like it uses the configured openid authorization, thats why i tried to
> start the container only with -e JSON_SECRECT_KEY:
> {code:java}
> docker run --restart unless-stopped --name guacamole --link guacd:guacd -e
> JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080
> guacamole/guacamole{code}
> but then i get
> {code:java}
> FATAL: No authentication configured{code}
>
> so i think the startupscript that generates the guacamole.properties just
> needs a little correction, but i can't find the repository where the Docker
> Container is maintained. If it is a simple bash script i could correct it on
> my own and send a PR
> regards
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
