Commit Graph

11 Commits

Author SHA1 Message Date
Michael Jumper
08e5938493 GUACAMOLE-839: Redirect user to proper URI for SSL/TLS client auth (rather than just refuse). 2023-03-28 13:36:15 -07:00
Michael Jumper
e6449d2c57 GUACAMOLE-1757: Ensure SSO provider list is added to login UI only once. 2023-03-23 12:30:58 -07:00
Michael Jumper
f98901f933 GUACAMOLE-839: Add sanity checks around parsed PEM data, which may indeed be null. 2023-03-08 09:34:52 -08:00
Michael Jumper
6424b063f2 GUACAMOLE-839: Correct WildcardURIGuacamoleProperty to correctly handle missing (null) properties. 2023-03-08 09:34:26 -08:00
Michael Jumper
82073a5976 GUACAMOLE-839: Correct typo in JavaDoc of decode() - "valid", not "value". 2023-03-07 16:38:51 -08:00
Michael Jumper
9f8bb71b0e GUACAMOLE-839: Correct JavaDoc for parameters of getUsername(). 2023-03-07 16:37:00 -08:00
Michael Jumper
d0574f8d82 GUACAMOLE-839: Use BouncyCastle for retrieval of certificate details.
Java's built-in support for reading X.509 certificates does not deal
well with PIV certificates containing the username as a "serialNumber"
attribute. Rather than exposing the string value of that attribute, the
Java implementation exposes a byte array that does not fully match the
string value shown by a tool like OpenSSL.

BouncyCastle, on the other hand, _does_ match the output of OpenSSL, and
provides a predictable means of decoding the certificate.
2023-03-07 16:36:37 -08:00
Michael Jumper
0b5b82cc48 GUACAMOLE-839: Allow accepted subject DNs to be restricted via configuration. 2023-03-01 09:10:53 -08:00
Michael Jumper
8255326512 GUACAMOLE-839: Move SSL/TLS client auth logic to separate service. 2023-03-01 09:10:53 -08:00
Michael Jumper
38f1360dec GUACAMOLE-839: Ensure SSL/TLS client auth failures are reflected in the Guacamole UI. 2023-03-01 09:10:53 -08:00
Michael Jumper
e2a6947ff6 GUACAMOLE-839: Implement base support for SSO using SSL/TLS authentication (certificates / smart cards). 2023-03-01 09:10:52 -08:00