[GUACAMOLE-1673] Docker Documentaion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: 1.4.0
Fix Version/s: None
Component/s: guacamole-auth-json
Labels:
None

Description

Hi,

the extension auth json is available within the official docker container.

But there is no documention how to set the json-secret-key

i tried it like this:

-e JSON_SECRET_KEY=

and i can see that it gets loaded:

14:46:05.917 [localhost-startStop-1] INFO  o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.

but if i try to use it:

ironsrv ~ # cat test.json | jq -e
{
  "username": "blub",
  "expires": 16621868260000,
  "connections": {
    "Knecht": {
      "protocol": "rdp",
      "parameters": {
        "domain": "z",
        "drive-path": "/storage",
        "enable-drive": "true",
        "hostname": "192.168.1.1",
        "ignore-cert": "true",
        "password": "xxx",
        "port": "3389",
        "security": "any",
        "server-layout": "de-de-qwertz",
        "username": "xxx"
      }
    }
  }
}

ironsrv ~ # curl --data-urlencode "data=$(./encrypt-json.sh dfdd084deb513283a34f622de9287467 test.json)" https://remote.z.lab/api/tokens | jq .
{
  "message": "Invalid login.",
  "translatableMessage": {
    "key": "APP.TEXT_UNTRANSLATED",
    "variables": {
      "MESSAGE": "Invalid login."
    }
  },
  "statusCode": null,
  "expected": [
    {
      "name": "id_token",
      "type": "REDIRECT",
      "redirectUrl": "https://xxx/realms/z/protocol/openid-connect/auth?scope=openid+email+profile&response_type=id_token&client_id=guacamole&redirect_uri=https%3A%2F%2Fremote.z.lab&nonce=bdeath9affrhs7cp0edd5re4ll",
      "translatableMessage": {
        "key": "LOGIN.INFO_IDP_REDIRECT_PENDING",
        "variables": null
      }
    }
  ],
  "type": "INVALID_CREDENTIALS"
}
ironsrv ~ #

but i can see that the environmentvariable is correct, because i can find it in the generated guacamole.properties

ironsrv ~ # cat /var/lib/docker/overlay2/b7bf66c82263776e0c37d597f76eaf7c4e337ae8842b98a7906b1f44aac5fa74/merged/home/guacamole/.guacamole/guacamole.properties
# guacamole.properties - generated Tue Aug 30 04:01:35 PM UTC 2022
guacd-hostname: 172.17.0.4
guacd-port: 4822
mysql-username: root
mysql-password: xxxx
mysql-database: guacamole
mysql-hostname: 172.17.0.5
mysql-port: 3306
openid-authorization-endpoint: https://xxx/realms/z/protocol/openid-connect/auth
openid-jwks-endpoint: https://xxx/realms/z/protocol/openid-connect/certs
openid-issuer: https://xxx/realms/z
openid-client-id: guacamole
openid-redirect-uri: https://remote.z.lab
openid-username-claim-type: preferred_username
json-secret-key: dfdd084deb513283a34f622de928746

seems like it uses the configured openid authorization, thats why i tried to start the container only with -e JSON_SECRECT_KEY:

docker run --restart unless-stopped --name guacamole --link guacd:guacd -e JSON_SECRET_KEY=dfdd084deb513283a34f622de9287467 -d -p 8888:8080 guacamole/guacamole

but then i get

FATAL: No authentication configured

so i think the startupscript that generates the guacamole.properties just needs a little correction, but i can't find the repository where the Docker Container is maintained. If it is a simple bash script i could correct it on my own and send a PR

regards

Attachments

Issue Links

duplicates

GUACAMOLE-1539 "FATAL: No authentication configured" when using the auth-json extension

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Philipp Zeitschel

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Aug/22 15:44

Updated:: 31/Aug/22 15:13

Resolved:: 31/Aug/22 15:13