GUACAMOLE-839: Ensure SSL/TLS client auth failures are reflected in the Guacamole UI.

2025-09-06 13:17:41 +00:00 · 2023-01-27 16:38:45 -08:00
parent b6ce477625
commit 38f1360dec
15 changed files with 681 additions and 295 deletions
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSessionManager.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/AuthenticationSessionManager.java
@@ -68,6 +68,20 @@ public class AuthenticationSessionManager<T extends AuthenticationSession> {
        }, 1, 1, TimeUnit.MINUTES);
    }

+    /**
+     * Generates a cryptographically-secure value identical in form to the
+     * session tokens generated by {@link #defer(org.apache.guacamole.auth.sso.AuthenticationSession)}
+     * but invalid. The returned value is indistinguishable from a valid token,
+     * but is not a valid token.
+     *
+     * @return
+     *     An invalid token value that is indistinguishable from a valid
+     *     token.
+     */
+    public String generateInvalid() {
+        return idGenerator.generateIdentifier();
+    }
+
    /**
     * Resumes the Guacamole side of the authentication process that was
     * previously deferred through a call to defer(). Once invoked, the