Thanks Nick—to test my basic setup, I tried copying that extension from the
1.5.4 branch (to match the current version of gauc I'm running in docker),
and built it. I had to make 2 changes—not sure if this is expected, but it
required a <version>7.0.0</version> entry in the Guice dependency (not sure
if the latest version is correct), and I also had to add these lines to the
pom:
<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
</properties>
I was then able to compile and install the extension in
guacamole-home/extensions/ before rebuilding and restarting the container.
But during startup, I see this in the logs:
guacamole_compose | 09:54:10.264 [localhost-startStop-1] ERROR
o.a.g.extension.ExtensionModule - Extension
"guacamole-auth-header-1.5.4.jar" could not be loaded: Authentication
provider class cannot be loaded (wrong version of API?).
I'm guessing this (and the earlier changes I had to make (including
removing the <parent></parent> entry from the pom) is because I'm trying to
build this in isolation outside the main source tree; is that right? If so,
do I need to just install the whole client to build this extension, or is
it something else?
Many thanks for your ongoing help :).
On Wed, 19 Jun 2024 at 00:40, Nick Couchman <vn...@apache.org> wrote:
> On Tue, Jun 18, 2024 at 12:13 PM David Lomas <d...@pale-eds.co.uk.invalid>
> wrote:
>
>> Thanks Nick—definitely heading out of my depth here, but are you saying
>> we don't need to provide an authentication provider at all? Or just not
>> override the default getAuthorizedConfigurations() function? I'm looking at
>> the LDAP & JSON auth extension source code and trying to piece together a
>> minimal skeleton which can accept Credentials and return a User with
>> associated group. Is there anything more straightforward than those?
>>
>>
> Sorry the confusion - you'll still need to implement the authentication
> provider, you just don't need to override getAuthorizedConfigurations(),
> you'll just need to make sure that your authentication provider has a User
> implementation that provides the desired groups via an override to
> getUserGroups().
>
> Honestly, you might take a look at the guacamole-auth-header module - it
> may be a better starting point for you to then just:
> * Adjust
> extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
> to authenticate with whatever your authentication credentials/method are/is.
> *
> Adjust
> extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
> to override getUserGroups() to return the groups you're looking for.
>
> -Nick
>
>>
