[jira] [Commented] (GUACAMOLE-839) Add support for smart card authentication

Thu, 28 Sep 2023 13:41:04 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17770213#comment-17770213
 ] 

Mike Jumper commented on GUACAMOLE-839:
---------------------------------------

The guacamole-auth-sso-ssl portion of the guacamole-client build is currently 
failing with the following error:

{code:none}
ERROR: License information missing for org.bouncycastle:bc-fips:jar:1.0.2.4
{code}

This is because Bouncy Castle has released a new version of the FIPS variant of 
their library (1.0.2.4), and a different Bouncy Castle library referenced by 
Guacamole's SSL/TLS client authentication support pulls in {{bc-fips}} via a 
version range:

{code:none}
[INFO] +- org.apache.guacamole:guacamole-auth-sso-ssl:jar:1.5.3:compile
[INFO] |  \- org.bouncycastle:bcpkix-fips:jar:1.0.7:compile
[INFO] |     \- org.bouncycastle:bc-fips:jar:1.0.2.4:compile (version selected 
from constraint [1.0.0,2.0.0))
{code}

We'll have to modify the guacmole-auth-sso-ssl {{pom.xml}} to make the version 
explicit to prevent releases of new versions from breaking the license check.

> Add support for smart card authentication
> -----------------------------------------
>
>                 Key: GUACAMOLE-839
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-839
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole-client
>            Reporter: Bastian Machek
>            Assignee: Mike Jumper
>            Priority: Minor
>             Fix For: 1.6.0
>
>
> Similar to the other supported SSO mechanisms like SAML and OpenID, the 
> Guacamole web application should provide for authentication of users using 
> smart cards (and similar hardware devices). Leveraging SSL/TLS client 
> authentication, it should be possible to allow users to sign in with any 
> hardware device supported by their browser as long as those devices contain a 
> certificate that was signed by a certificate authority that the administrator 
> has configured the Guacamole webapp to accept.
> *NOTE:* This is only related to authentication with the web application. The 
> concept of authenticating with remote desktop services using smart cards is 
> very separate and would likely involve adding support for Kerberos or somehow 
> directly interacting with the card reader over USB.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to