[
https://issues.apache.org/jira/browse/GUACAMOLE-1673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Couchman closed GUACAMOLE-1673.
------------------------------------
Resolution: Duplicate
This was fixed via GUACAMOLE-1539, and will go into release 1.5.0 which is
being worked/finalized. We do not have a release date identified - it will be
released when the remaining issues assigned to the release are closed out.
> Docker Documentaion
> -------------------
>
> Key: GUACAMOLE-1673
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1673
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-json
> Affects Versions: 1.4.0
> Reporter: Philipp Zeitschel
> Priority: Major
>
> Hi,
> the extension auth json is available within the official docker container.
> But there is no documention how to set the json-secret-key
> i tried it like this:
> {code:java}
> -e JSON_SECRET_KEY={code}
> and i can see that it gets loaded:
> {code:java}
> 14:46:05.917 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule -
> Extension "Encrypted JSON Authentication" (json) loaded.{code}
> but if i try to use it:
>
> {code:java}
> ironsrv ~ # cat test.json | jq -e
> {
> "username": "blub",
> "expires": 16621868260000,
> "connections": {
> "Knecht": {
> "protocol": "rdp",
> "parameters": {
> "domain": "z",
> "drive-path": "/storage",
> "enable-drive": "true",
> "hostname": "192.168.1.1",
> "ignore-cert": "true",
> "password": "xxx",
> "port": "3389",
> "security": "any",
> "server-layout": "de-de-qwertz",
> "username": "xxx"
> }
> }
> }
> } {code}
>
>
> {code:java}
> ironsrv ~ # curl --data-urlencode "data=$(./encrypt-json.sh
> dfdd084deb513283a34f622de9287467 test.json)" https://remote.z.lab/api/tokens
> | jq .
> {
> "message": "Invalid login.",
> "translatableMessage": {
> "key": "APP.TEXT_UNTRANSLATED",
> "variables": {
> "MESSAGE": "Invalid login."
> }
> },
> "statusCode": null,
> "expected": [
> {
> "name": "id_token",
> "type": "REDIRECT",
> "redirectUrl":
> "https://xxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=bdeath9affrhs7cp0edd5re4ll";,
> "translatableMessage": {
> "key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
> "variables": null
> }
> }
> ],
> "type": "INVALID_CREDENTIALS"
> }
> ironsrv ~ #{code}
> but i can see that the environmentvariable is correct, because i can find it
> in the generated guacamole.properties
> {code:java}
> ironsrv ~ # cat
> /var/lib/docker/overlay2/b7bf66c82263776e0c37d597f76eaf7c4e337ae8842b98a7906b1f44aac5fa74/merged/home/guacamole/.guacamole/guacamole.properties
> # guacamole.properties - generated Tue Aug 30 04:01:35 PM UTC 2022
> guacd-hostname: 172.17.0.4
> guacd-port: 4822
> mysql-username: root
> mysql-password: xxxx
> mysql-database: guacamole
> mysql-hostname: 172.17.0.5
> mysql-port: 3306
> openid-authorization-endpoint:
> https://xxx/realms/z/protocol/openid-connect/auth
> openid-jwks-endpoint: https://xxx/realms/z/protocol/openid-connect/certs
> openid-issuer: https://xxx/realms/z
> openid-client-id: guacamole
> openid-redirect-uri: https://remote.z.lab
> openid-username-claim-type: preferred_username
> json-secret-key: dfdd084deb513283a34f622de928746 {code}
>
> seems like it uses the configured openid authorization, thats why i tried to
> start the container only with -e JSON_SECRECT_KEY:
> {code:java}
> docker run --restart unless-stopped --name guacamole --link guacd:guacd -e
> JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080
> guacamole/guacamole{code}
> but then i get
> {code:java}
> FATAL: No authentication configured{code}
>
> so i think the startupscript that generates the guacamole.properties just
> needs a little correction, but i can't find the repository where the Docker
> Container is maintained. If it is a simple bash script i could correct it on
> my own and send a PR
> regards
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
