[jira] [Commented] (GUACAMOLE-1428) Allow connection authentication prompt responses to be temporarily saved

Mon, 20 Mar 2023 17:59:04 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17702969#comment-17702969
 ] 

Nick Couchman commented on GUACAMOLE-1428:
------------------------------------------

[~guactester]: I've implemented a quick extension that prompts for temporary 
credentials when logging in. It isn't pretty, yet, but it does the trick. 
Basically it prompts for several available credentials - username, password, 
domain, ssh key, and ssh key passphrase - and makes them available as tokens 
(GUAC_TEMP_USERNAME, GUAC_TEMP_PASSWORD, etc.) that can be used in connection 
parameters.

https://github.com/necouchman/guacamole-client/tree/working/prompt-temp-credentials/extensions/guacamole-auth-temp-credentials

> Allow connection authentication prompt responses to be temporarily saved
> ------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1428
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1428
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole
>    Affects Versions: 1.3.0
>            Reporter: guacamole tester
>            Priority: Minor
>
> Currently I'm using Guacamole with OIDC-SSO. so I don't have the 
> "${GUAC_PASSWORD}"-Variable at hand.
>  
> The only Option to give the user a true SSO-experience is to integrate an 
> external System which can provide the cleartext-password. I don't like this 
> idea..
> So if it's only possible to do this with a system saving the cleartext 
> password.. why not keep this only in guacamole?
>  
> A working system could be like this:
> when there is no pre-configured Password provide a selectable field that 
> defines that the password for the user is stored. This password should then 
> be stored for all connections (which have the field "shared password" 
> activated) of the user on the guacamole server until it is wrong and then 
> overwritten with the new password that the user enters.
>  
> this would be very easy to implement for the admin as there is no additional 
> configuration. and it would also only keep the password in cleartext ont he 
> guacamole system which in my case is the only system, that needs a cleartext 
> password.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to