[
https://issues.apache.org/jira/browse/GUACAMOLE-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770213#comment-17770213
]
Mike Jumper edited comment on GUACAMOLE-839 at 9/28/23 8:38 PM:
----------------------------------------------------------------
The guacamole-auth-sso-ssl portion of the guacamole-client build is currently
failing with the following error:
{code:none}
ERROR: License information missing for org.bouncycastle:bc-fips:jar:1.0.2.4
{code}
This is because Bouncy Castle has released a new version of the FIPS variant of
their library (1.0.2.4), and a different Bouncy Castle library referenced by
Guacamole's SSL/TLS client authentication support pulls in {{bc-fips}} via a
version range:
{code:none}
[INFO] +- org.apache.guacamole:guacamole-auth-sso-ssl:jar:1.5.3:compile
[INFO] | \- org.bouncycastle:bcpkix-fips:jar:1.0.7:compile
[INFO] | \- org.bouncycastle:bc-fips:jar:1.0.2.4:compile (version selected
from constraint [1.0.0,2.0.0))
{code}
We'll have to modify the guacamole-auth-sso-ssl {{pom.xml}} to make the version
explicit to prevent releases of new versions from breaking the license check.
was (Author: mike.jumper):
The guacamole-auth-sso-ssl portion of the guacamole-client build is currently
failing with the following error:
{code:none}
ERROR: License information missing for org.bouncycastle:bc-fips:jar:1.0.2.4
{code}
This is because Bouncy Castle has released a new version of the FIPS variant of
their library (1.0.2.4), and a different Bouncy Castle library referenced by
Guacamole's SSL/TLS client authentication support pulls in {{bc-fips}} via a
version range:
{code:none}
[INFO] +- org.apache.guacamole:guacamole-auth-sso-ssl:jar:1.5.3:compile
[INFO] | \- org.bouncycastle:bcpkix-fips:jar:1.0.7:compile
[INFO] | \- org.bouncycastle:bc-fips:jar:1.0.2.4:compile (version selected
from constraint [1.0.0,2.0.0))
{code}
We'll have to modify the guacmole-auth-sso-ssl {{pom.xml}} to make the version
explicit to prevent releases of new versions from breaking the license check.
> Add support for smart card authentication
> -----------------------------------------
>
> Key: GUACAMOLE-839
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-839
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-client
> Reporter: Bastian Machek
> Assignee: Mike Jumper
> Priority: Minor
> Fix For: 1.6.0
>
>
> Similar to the other supported SSO mechanisms like SAML and OpenID, the
> Guacamole web application should provide for authentication of users using
> smart cards (and similar hardware devices). Leveraging SSL/TLS client
> authentication, it should be possible to allow users to sign in with any
> hardware device supported by their browser as long as those devices contain a
> certificate that was signed by a certificate authority that the administrator
> has configured the Guacamole webapp to accept.
> *NOTE:* This is only related to authentication with the web application. The
> concept of authenticating with remote desktop services using smart cards is
> very separate and would likely involve adding support for Kerberos or somehow
> directly interacting with the card reader over USB.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
