Hi there! I’m new to Guacamole, and have successfully installed it (v1.5.4) in order to implement clientless VPN RDP access to our network. The Guacamole server is placed behind a corporate firewall which strongly authenticates users and then serves them the Guacamole web-app through its own native reverse-proxy engine.
I installed the LDAP authentication extension, expanded our Active Directory Schema (adding the guacConfigProtocol and guacConfigParameter attributes along with the guacConfigGroup class), and everything is working fine in this aspect, I.e., connections and connection parameters are all managed within Active Directory. The last missing piece is header authentication – our firewall is able to pass on the authenticated username as a custom HTTP header, but after installing and testing out guacamole-auth-header-1.5.4.jar I stumbled into the following problem: Our firewall encodes the username header in BASE64, but the Guacamole header extension does seem to support it and seems to be expecting clear-text usernames. After investigating the issue, there is no way we can tweak our firewall to avoid encoding the username, it strictly enforces this behavior. Has anyone stumbled into this problem before? Is there some known way the header extension can support BASE64 encoding? If not, where can I find the header extension source code in order to try and add support for BASE64 myself? Thanks in advance and best regards, Uri Inbar הודעת דואר אלקטרוני זו נשלחה אליך מבית החולים אלי"ן. יתכן שבהודעה כלול מידע רפואי רגיש המוגן בחוק הגנת הפרטיות התשמ"ה 1981, מידע שנועד לשימושם הבלעדי של המכותבים הישירים אליהם נשלחה ההודעה במקור. אם ההודעה אינה מיועדת לך, ואף שיתכן שהגיעה אליך בטעות, הרי שחלה עליך חובת שמירת סודיות. במקרה כזה אנא עדכן באופן מיידי את השולח, ומחק/י את כל עותקיה של ההודעה הנמצאים ברשותך. The contents of this email was sent to you by ALYN Hospital. This email might contain confidential medical information, which is legally protected by the 1981 privacy law. This information is intended only for the use of the original addressee/s of the email from the original sender only. If you are not an intended recipient of the original sender, you are hereby notified that any disclosure, copying, and distribution of this information, is strictly prohibited. If you have received this email in error, please immediately notify the sender and delete any copies of this email in your possession.
