Modify guacamole-auth-ldap to retrieve username using cookie
€30-250 EUR
In Progress
Posted about 8 years ago
Paid on delivery
Background:
We have an SSO system and we'd like to enable remote desktop access for our users.
The user's browser will have a session-id cookie when they are redirected to Guacamole.
This session-id is sent to FreeIPA, which returns the user's username. This username is used to query the remote desktop connection parameters.
Here is the code to modify:
[login to view URL]
Here is the extensions user guide:
[login to view URL]
Tasks:
- Bypass the username/password dialog.
- Modify the extension to send a JSON request to FreeIPA.
- Parse the username from the response.
- Let the extension retrieve the connection parameters from LDAP.
- If the username is not found in LDAP, write to error log and redirect to error page.
- If FreeIPA returns 401 Unauthorized, write to error log and redirect to login page.
You will have to slightly modify the LDAP scheme since the original extension assumes that we have the user's password and the query is done as the user that is logging in. Modify it so that every LDAP query will be done as a privileged user.
Note: Even though the request and response are in JSON, you do not need to use a JSON library if you don't want to. Every request is identical, except for the cookie. Every response is identical, except for the username. We prefer that the request is handled as a normal string. You're free to use regex to get the username from the response.
A real user may have multiple Guacamole LDAP users (parameters to multiple desktops). The modified extension should select the first one. A switch for selecting the guac-user is not a part of this project.
To complete the project you must have a virtual machine running CentOS 7 to install FreeIPA. You can install Guacamole on the same host. FreeIPA includes an LDAP directory.
If you lack experience with FreeIPA, don't be intimidated. You will get FreeIPA up, running and fully functioning in under 30 min. The install and initial setup basically involves pressing 'y' many times then logging into the web interface.
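Because every LDAP query is to run as a privileged user and the username may be pulled from the response with a regex, the extracted value ends up in a search filter executed with elevated rights. The following is an added example, not part of the posting or of the guacamole-auth-ldap code, that extracts the name with a strict pattern and escapes it per RFC 4515; the `username` response field, the `uid` attribute and the class name are assumptions.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SsoUsername {
    // Assumption: the response carries the name as "username":"<value>" (hypothetical field).
    // The character class is an allowlist, so filter metacharacters never match.
    private static final Pattern USERNAME =
        Pattern.compile("\"username\"\\s*:\\s*\"([A-Za-z0-9._-]{1,64})\"");

    /** Returns the username, or empty when the status is not 200 or no valid name is present. */
    static Optional<String> extract(int status, String body) {
        if (status != 200 || body == null) return Optional.empty();
        Matcher m = USERNAME.matcher(body);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }

    /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Filter for the privileged-bind search; "uid" is an assumed attribute name. */
    static String userFilter(String username) {
        return "(uid=" + escapeFilter(username) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from FreeIPA.
        String ok = "{\"result\":{\"username\":\"alice\"}}";
        String odd = "{\"result\":{\"username\":\"al*ice)\"}}";
        System.out.println(extract(200, ok).map(SsoUsername::userFilter)); // valid name
        System.out.println(extract(200, odd)); // name outside the allowlist
        System.out.println(extract(401, ok));  // caller logs and redirects to login
        System.out.println(userFilter("a*(b)")); // escaping applied even if validation is skipped
    }
}
```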
Hi there! I have read exactly what you need; however, I would like to ask you a few questions. I would call myself a master of what I do, I do work smart and do not rest until I get the job done. Please feel free to ping me anytime so we can have a detailed discussion. If I can deliver I will deliver in the best possible way. Thanks