Thanks for reply. On 2019-03-20 01:26, Nick Couchman wrote: > This is where I get a little fuzzy - it's been quite a while since I actually > used the file authentication module for much of anything. I believe their > may be some limitations to the stacking done > with that module - that is, I don't know that the file authentication module > actually recognizes the user accounts as authenticated from other modules. > I'm not saying for certain that it doesn't, > just that there's some distant memory I have that maybe that module doesn't > work that way, and that connections specified in the File provider will not > necessarily be available to users > authenticated through other modules. That's why I decided to ask here in this maillist before I jump into the source code. As I see from the source code of header auth module, it only creates an instance of AuthenticatedUser hence there should be some other module in the chain that can pick up the user name from that object and create GuacamoleConfiguration and UserContext for it. In its turn file auth does not allow null password, see Authorization:181 <https://github.com/apache/guacamole-client/blob/d1e928bea79ca81c827e9b6adedabc98eefdf701/guacamole/src/main/java/org/apache/guacamole/auth/file/Authorization.java#L181> hence this module will not deliver / populate connections for given user. I wonder how it is supposed to work? How Guacamole decides in which order to call providers? I order is undefined, then I don't see any reasonable way to make chaining possible. The only way out then is for HTTPHeaderAuthenticationProvider to extend FileAuthenticationProvider... As for HTTPHeaderAuthenticationProvider implementation, I am a bit concerned. It uses such powerful tool as Guice / IoC just to perform static bindings? Then it's an overkill. > You say that you don't get automatically connected to the VNC server - do you > see the connection at all on the home screen? Or is it a blank screen, with > no connections? I don't see any connections on home screen. In other words, I see only blank white panes. > My suggestion would be to use the JDBC module to store connections. It > requires a little bit of extra work and a few extra resources to configure, > but definitey works with the other modules and > also gives you some flexibility in permission management among users. I would like not to go that way. Maybe it's not so complicated to setup, but I would like to keep everything simple. > The File provider handles both cases - either the single connection > specified within the <authorize></authorize> context, or multiple connections > specified within their own > <connection></connection> contexts. Could you please put that phrase into documentation? As an option I can create a pull request.
-- With best regards, Dmitry
