Daniel created GUACAMOLE-1949:
---------------------------------
Summary: Nextcloud JWT
Key: GUACAMOLE-1949
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1949
Project: Guacamole
Issue Type: Improvement
Components: guacamole-client
Reporter: Daniel
Hi all,
I have built a small extension for myself and would like to share it with you.
Maybe this is a function that would go well with Guacamole.
I use a self-hosted Nextcloud and the plugin “External Sites”. This plugin
offers the possibility to send a JWT to an embedded website. This JWT is
(Nextcloud) user-related and always valid for 1 minute. If the JWT is missing
or has expired, an exception will be thrown. The extension validates the JWT
and if it is valid, the Guacamole login screen is displayed. Everything else
then proceeds as usual. Additionally, I have implemented that only certain
Nextcloud users are allowed this access, independent of a valid JWT.
I have decided to not make the login screen accessible worldwide, that's why an
exception will be thrown if anyone calls the Guacamole client directly
({{https://example.com/guacamole}}) and a login is only possible within the
Nextcloud ({{https://cloud.example.com}}).
Another small additional use case in my environment: The login screen should
still be displayed for a few clients (via IP addresses), so the IP address will
be checked and validated.
* [Nextcloud Plugin "External sites"|https://apps.nextcloud.com/apps/external]
* [Generate Nextcloud JWT|https://github.com/nextcloud/external/blob/master/docs/jwt-sample.php]
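The access decision described in this report (IP allowlist, then a short-lived JWT, then a user allowlist), sketched as an added example that is not the reporter's extension code. HS256 with a shared secret, the claim names `sub`, `iat` and `exp`, and all names and values below are assumptions, since the page does not say how the Nextcloud token is signed or structured.

```python
import base64, hashlib, hmac, ipaddress, json, time

# Every value here is constructed for illustration.
SECRET = b"constructed-demo-secret"                    # assumption: shared HMAC key
ALLOWED_USERS = {"alice"}                              # users permitted beyond a valid JWT
BYPASS_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # clients that skip the JWT check
MAX_LIFETIME = 60                                      # the page: token valid for 1 minute

def _dec(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims, key=SECRET, alg="HS256"):
    """Build a constructed token for the demo and the tests."""
    head = _enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_mac(key, head, body))}"

def verify(token, now):
    """Return the claims if the token is authentic and fresh, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_dec(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(_mac(SECRET, head, body), _dec(sig)):
            return None
        claims = json.loads(_dec(body))
        iat, exp = claims["iat"], claims["exp"]
        fresh = iat <= now < exp and exp - iat <= MAX_LIFETIME
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed input is treated like a missing token
    return claims if fresh else None

def may_show_login(client_ip, token, now=None):
    """Decide whether the login screen may be rendered for this request."""
    now = time.time() if now is None else now
    if any(ipaddress.ip_address(client_ip) in net for net in BYPASS_NETS):
        return True  # allowlisted address: no JWT required
    claims = verify(token, now) if token else None
    return claims is not None and claims.get("sub") in ALLOWED_USERS
```

When the service sits behind a reverse proxy, `client_ip` has to come from a header that only the trusted proxy can set, otherwise the IP bypass can be claimed by any caller.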