On Fri, Nov 17, 2017 at 10:29 AM, Masood <masoodhussai...@gmail.com> wrote:
> I am trying to add HTTP header auth extension into guacamole. I have > followed > all the instructions from the chapter 9 of Manual. The jar file is in the > extension folder, but I don't see any new loaded extension in syslog. I > have > not added any new property to the guacamole.properties. As it is optional > > I am using Tomcat 7. Do I need to change some properties in Tomcat to allow > HTTP headers? > > Also, I don't understand the following line in manual "If your > authentication system uses a different HTTP header" I don't have any > authentication system. Do I need to install it? Is it in Tomcat or 3rd > party > application. > You need to configure your web server - either Tomcat or your reverse proxy web server, if you're proxying it through nginx or httpd, for example - to do HTTP authentication. You can find configuration examples for BASIC authentication in the following document - item #5: http://archive.oreilly.com/pub/a/java/archive/tomcat-tips.html If you're proxying Guacamole through Apache httpd, you'd do something like this in your configuration: <Location /guacamole> ... AuthType basic AuthName "Basic Authentication" AuthBasicProvider file AuthUserFile /etc/httpd/guacamole.users Require valid-user </Location> By default Apache will set the REMOTE_USER header during authentication, which should be passed through to Tomcat and accessible by Guacamole. Nginx has similar options: https://www.nginx.com/resources/admin-guide/restricting-access-auth-basic/ -Nick
