> On Dec 13, 2017, at 6:44 AM, genesis <gg...@live.com> wrote: > Did just substitute the GUAC_AUTH value with the encoded jwt?
No, we did not replace the GUAC_AUTH cookie. That's private state for Guacamole itself, so we didn't want to muck with it. We simply added our own cookie to the browser using a REST service running in the same domain, and evaluated that cookie in our custom auth provider when called in the getAuthorizedConfigurations(Credentials) method. carl
