On Mon, Oct 21, 2024 at 7:32 AM Abdul Qadir <abdul.qa...@agreeya.com.invalid> wrote:
> I have a web application that includes a feature for HTML5-based RDP > access to various machines. Previously, we used Lenovo’s HTML5 WebRDP > solution, which allowed us to connect to machines by simply providing > parameters in the URL, such as the WebRDP server IP, the target server IP > for RDP, and the username/password for the target machine. This made it > easy to establish RDP connections. > > As this product has reached its end of life, we are exploring alternative > solutions with similar capabilities and have come across Apache Guacamole. > However, after installing Guacamole, we are having difficulty achieving the > same level of functionality. > > Could anyone please assist us in configuring Guacamole to replicate the > functionality we had with Lenovo’s solution? Any guidance or support would > be greatly appreciated. > > > In order to accomplish what you're describing with Guacamole you'd likely need to write some custom code of some sort, as Guacamole Client currently does not provide a way to create connections simply by providing the connection parameters as part of a URL. Here are a few ways that you might be able to accomplish that or something similar, though: * Without writing any code, you could use the "QuickConnect" extension to allow users to log in to Guacamole and then enter a connection URI (for example: rdp://1.2.3.4:3389/?username=blah) and access the connections. This isn't quite the same as the functionality you're describing, but would be quite similar in allowing users who have access to Guacamole to log in and enter arbitrary connection data and establish those connections via the web. Documentation is here: https://guacamole.apache.org/doc/gug/adhoc-connections.html. * The JSON extension lets you provide encrypted JSON to the extension which will both authenticate a user and provide connection data for that user from some external system. This would require having or writing some external system that would let you specify that data, so that would require some amount of coding, but from the Guacamole side there's really no code to write, just have to send the expected JSON to Guacamole. Documentation for that extension is here: https://guacamole.apache.org/doc/gug/json-auth.html. * You could either modify the code on the QuickConnect extension to accept, or write your own extension that accepts, connection parameters as part of a URL and creates the connection with that data. This would get much closer to the functionality you're accustomed to with Lenovo's product, but would definitely require some custom code. * Finally, you could just write your own web application that uses the guacamole-common and guacamole-common-js code and does not use the full Guacamole Client code. This would require the largest amount of coding, but could probably get you closer to the functionality you're expecting. I'd also just highlight that it's important to keep security in mind when providing or implementing a solution that accepts arbitrary connection data as URL parameters and establishes connection - depending on where you provide this access and who you provide it to, you introduce varying levels of risk that the system will be abused - knowingly or not - by people who want to bypass other controls or just don't know what they're doing. Even the "QuickConnect" extension in Guacamole introduces this risk to some degree. Guacamole provides the capability for bi-directional file transfer as well as clipboard transfer, which can introduce the risk of both data loss and the introduction of malicious code into the environment. Again, just something to keep in mind. -Nick >
