[ https://issues.apache.org/jira/browse/GUACAMOLE-1673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Philipp Zeitschel updated GUACAMOLE-1673:
-----------------------------------------
    Description: 
Hi,

The extension auth json is available within the official Docker container.

But there is no documentation on how to set the json-secret-key.

I tried it like this:
{code:java}
-e JSON_SECRET_KEY={code}
and I can see that it gets loaded:
{code:java}
14:46:05.917 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.{code}
but if I try to use it:
{code:java}
ironsrv ~ # cat test.json | jq -e
{
  "username": "blub",
  "expires": 16621868260000,
  "connections": {
    "Knecht": {
      "protocol": "rdp",
      "parameters": {
        "domain": "z",
        "drive-path": "/storage",
        "enable-drive": "true",
        "hostname": "192.168.1.1",
        "ignore-cert": "true",
        "password": "xxx",
        "port": "3389",
        "security": "any",
        "server-layout": "de-de-qwertz",
        "username": "xxx"
      }
    }
  }
} {code}
 

 
{code:java}
ironsrv ~ # curl --data-urlencode "data=$(./encrypt-json.sh dfdd084deb513283a34f622de9287467 test.json)" https://remote.z.lab/api/tokens | jq .
{
  "message": "Invalid login.",
  "translatableMessage": {
    "key": "APP.TEXT_UNTRANSLATED",
    "variables": {
      "MESSAGE": "Invalid login."
    }
  },
  "statusCode": null,
  "expected": [
    {
      "name": "id_token",
      "type": "REDIRECT",
      "redirectUrl": "https://xxxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=47s3kljajr5v7mrku8luip8mlt",
      "translatableMessage": {
        "key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
        "variables": null
      }
    }
  ],
  "type": "INVALID_CREDENTIALS"
}
{code}
but I can see that the environment variable is correct, because I can find it in the generated guacamole.properties
{code:java}
ironsrv ~ # cat /var/lib/docker/overlay2/b7bf66c82263776e0c37d597f76eaf7c4e337ae8842b98a7906b1f44aac5fa74/merged/home/guacamole/.guacamole/guacamole.properties
# guacamole.properties - generated Tue Aug 30 04:01:35 PM UTC 2022
guacd-hostname: 172.17.0.4
guacd-port: 4822
mysql-username: root
mysql-password: xxxx
mysql-database: guacamole
mysql-hostname: 172.17.0.5
mysql-port: 3306
openid-authorization-endpoint: https://xxx/realms/z/protocol/openid-connect/auth
openid-jwks-endpoint: https://xxx/realms/z/protocol/openid-connect/certs
openid-issuer: https://xxx/realms/z
openid-client-id: guacamole
openid-redirect-uri: https://remote.z.lab
openid-username-claim-type: preferred_username
json-secret-key: dfdd084deb513283a34f622de928746 {code}
 

Seems like it uses the configured openid authorization, that's why I tried to start the container only with -e JSON_SECRET_KEY:
{code:java}
docker run --restart unless-stopped --name guacamole --link guacd:guacd -e JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080 guacamole/guacamole{code}
but then I get
{code:java}
FATAL: No authentication configured{code}
 

So I think the startup script that generates the guacamole.properties just needs a little correction, but I can't find the repository where the Docker container is maintained. If it is a simple bash script I could correct it on my own and send a PR.

regards

 

  was:
Hi,

The extension auth json is available within the official Docker container.

But there is no documentation on how to set the json-secret-key.

I tried it like this:
{code:java}
-e JSON_SECRET_KEY={code}
and I can see that it gets loaded:
{code:java}
14:46:05.917 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.{code}
but if I try to use it:
{code:java}
ironsrv ~ # curl --data-urlencode "data=$(cat encrypted)" https://remote.z.lab/api/tokens | jq .
{
  "message": "Invalid login.",
  "translatableMessage": {
    "key": "APP.TEXT_UNTRANSLATED",
    "variables": {
      "MESSAGE": "Invalid login."
    }
  },
  "statusCode": null,
  "expected": [
    {
      "name": "id_token",
      "type": "REDIRECT",
      "redirectUrl": "https://xxxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=47s3kljajr5v7mrku8luip8mlt",
      "translatableMessage": {
        "key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
        "variables": null
      }
    }
  ],
  "type": "INVALID_CREDENTIALS"
}
 
{code}
but I can see that the environment variable is correct, because I can find it in the generated guacamole.properties
{code:java}
ironsrv ~ # cat /var/lib/docker/overlay2/b7bf66c82263776e0c37d597f76eaf7c4e337ae8842b98a7906b1f44aac5fa74/merged/home/guacamole/.guacamole/guacamole.properties
# guacamole.properties - generated Tue Aug 30 04:01:35 PM UTC 2022
guacd-hostname: 172.17.0.4
guacd-port: 4822
mysql-username: root
mysql-password: xxxx
mysql-database: guacamole
mysql-hostname: 172.17.0.5
mysql-port: 3306
openid-authorization-endpoint: https://xxx/realms/z/protocol/openid-connect/auth
openid-jwks-endpoint: https://xxx/realms/z/protocol/openid-connect/certs
openid-issuer: https://xxx/realms/z
openid-client-id: guacamole
openid-redirect-uri: https://remote.z.lab
openid-username-claim-type: preferred_username
json-secret-key: dfdd084deb513283a34f622de928746 {code}
 

Seems like it uses the configured openid authorization, that's why I tried to start the container only with -e JSON_SECRET_KEY:
{code:java}
docker run --restart unless-stopped --name guacamole --link guacd:guacd -e JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080 guacamole/guacamole{code}
but then I get
{code:java}
FATAL: No authentication configured{code}
 

So I think the startup script that generates the guacamole.properties just needs a little correction, but I can't find the repository where the Docker container is maintained. If it is a simple bash script I could correct it on my own and send a PR.

regards

 


> Docker Documentation
> --------------------
>
>                 Key: GUACAMOLE-1673
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1673
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-json
>    Affects Versions: 1.4.0
>            Reporter: Philipp Zeitschel
>            Priority: Major
>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
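
An added check, not part of the original report or of the Guacamole project: the guacamole-auth-json documentation describes json-secret-key as a 128-bit key written as 32 hex digits, and the same key has to be passed to encrypt-json.sh. The sketch below compares the key in a generated guacamole.properties with the key used for encryption; the function names and any sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare json-secret-key in guacamole.properties with the
# key handed to the encryption script. Function names are hypothetical.

# Print the value of json-secret-key from properties text on stdin.
# Accepts "name: value" and "name=value" and trims trailing whitespace.
read_json_secret_key() {
    sed -n 's/^[[:space:]]*json-secret-key[[:space:]]*[:=][[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# True if $1 is exactly 32 hex digits (a 128-bit key).
is_128bit_hex() {
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{32}$'
}

# check_key PROPERTIES_FILE KEY_USED_FOR_ENCRYPTION
# Echoes a verdict and returns 0 only if the configured key is well formed
# and equals the key used to sign and encrypt the JSON.
# The key itself is never echoed, only its length, so output is safe to log.
check_key() {
    configured=$(read_json_secret_key < "$1")
    if [ -z "$configured" ]; then
        echo "missing"; return 1
    fi
    if ! is_128bit_hex "$configured"; then
        echo "malformed:${#configured}"; return 1
    fi
    # Hex is case-insensitive; normalise before comparing.
    a=$(printf '%s' "$configured" | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$a" != "$b" ]; then
        echo "mismatch"; return 1
    fi
    echo "ok"
}
```

In the listings in this message the json-secret-key line of guacamole.properties shows 31 hex digits while the docker run and encrypt-json.sh commands use 32, which this check would report as `malformed:31`; the page does not say whether that difference is only in the pasted text.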
