safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-839: Merge redirect user to proper URI for SSL/TLS client auth.

Browse Source
This commit is contained in:
Virtually Nick
2023-03-28 16:56:41 -04:00
committed by GitHub
parent 41f65b02f7 08e5938493
commit f864a9de68
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/resources/translations/en.json
View File

@@ -21,6 +21,7 @@
"FIELD_HEADER_STATE" : "", "FIELD_HEADER_STATE" : "",
"FIELD_HEADER_TICKET" : "", "FIELD_HEADER_TICKET" : "",
"INFO_IDP_REDIRECT_PENDING" : "Please wait, redirecting to identity provider...", "INFO_IDP_REDIRECT_PENDING" : "Please wait, redirecting to identity provider...",
"INFO_REDIRECT_PENDING" : "Please wait while you are redirected...",
"NAME_IDP_CAS" : "CAS", "NAME_IDP_CAS" : "CAS",
"NAME_IDP_OPENID" : "OpenID", "NAME_IDP_OPENID" : "OpenID",
"NAME_IDP_SAML" : "SAML", "NAME_IDP_SAML" : "SAML",

21
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/AuthenticationProviderService.java
View File

@@ -23,15 +23,20 @@ import com.google.inject.Inject;
import com.google.inject.Provider; import com.google.inject.Provider;
import com.google.inject.Singleton; import com.google.inject.Singleton;
import java.net.URI; import java.net.URI;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.auth.ssl.conf.ConfigurationService; import org.apache.guacamole.auth.ssl.conf.ConfigurationService;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleResourceNotFoundException; import org.apache.guacamole.GuacamoleResourceNotFoundException;
import org.apache.guacamole.auth.sso.SSOAuthenticationProviderService; import org.apache.guacamole.auth.sso.SSOAuthenticationProviderService;
import org.apache.guacamole.auth.sso.user.SSOAuthenticatedUser; import org.apache.guacamole.auth.sso.user.SSOAuthenticatedUser;
import org.apache.guacamole.form.Field;
import org.apache.guacamole.form.RedirectField;
import org.apache.guacamole.language.TranslatableMessage;
import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
/** /**
* Service that authenticates Guacamole users using SSL/TLS authentication * Service that authenticates Guacamole users using SSL/TLS authentication
@@ -150,11 +155,15 @@ public class AuthenticationProviderService implements SSOAuthenticationProviderS
if (confService.isPrimaryHostname(host)) if (confService.isPrimaryHostname(host))
return processIdentity(credentials, request); return processIdentity(credentials, request);
// All other requests are not allowed - refuse to authenticate // All other requests are not allowed - redirect to proper hostname
throw new GuacamoleClientException("Direct authentication against " throw new GuacamoleInvalidCredentialsException("Authentication is "
+ "this endpoint is not valid without first requesting to " + "only allowed against the primary URL of this Guacamole "
+ "authenticate at the primary URL of this Guacamole " + "instance.",
+ "instance."); new CredentialsInfo(Arrays.asList(new Field[] {
new RedirectField("primaryURI", confService.getPrimaryURI(),
new TranslatableMessage("LOGIN.INFO_REDIRECT_PENDING"))
}))
);
} }