38 Commits

Author SHA1 Message Date
Michael Jumper
29b56ff3cf GUACAMOLE-839: Ensure plus signs in received encoded certificates are not decoded as spaces.
The Apache HTTPD implementation of URL escaping does not encode plus
signs, which Java's URLDecoder will decode as spaces. To avoid mangling
received certificates, we need to ensure any plus signs within received
certificates are preserved even if not encoded.
2025-04-23 11:31:10 -07:00
Virtually Nick
b9f43cd8f0 GUACAMOLE-2052: Merge maintain independent copy of request details in Credentials. 2025-04-14 22:19:05 -04:00
Michael Jumper
4670ad0b90 GUACAMOLE-2052: Maintain independent copy of request details in Credentials. 2025-04-14 18:45:04 -07:00
Virtually Nick
5c3ddb4f00 GUACAMOLE-839: Merge fix handling of non-standard HTTPS ports for SSL client auth. 2025-04-10 06:27:46 -04:00
Michael Jumper
91d47fea58 GUACAMOLE-839: Do not consider port when comparing hostname from "Host" header.
Within the scope of the SSL auth, the port noted in the "Host" header is
not material to the routing of the request. We simply need to know
whether we've received the request at the primary URI or a generated
auth URI. The hostname is sufficient to determine this, and the
underlying port may not be clear when omitted from "Host".
2025-04-10 01:25:57 -07:00
Michael Jumper
0f80d0ddf2 GUACAMOLE-839: Fix check for lack of request headers (may be null). 2025-04-10 01:24:01 -07:00
Michael Jumper
95dc96cf33 GUACAMOLE-1956: Rename SSL client auth properties to use "ssl-auth" prefix (not just "ssl").
The "ssl" prefix sounds like it's meant for configuring general use of
SSL/TLS for encryption in front of Guacamole, which is confusing,
particularly when encountering the "SSL_ENABLED" environment variable.

The "ssl-auth" prefix and "SSL_AUTH_ENABLED" environment variable don't
suffer from the same issue.
2025-04-08 11:25:29 -07:00
Michael Jumper
bcdb62fbe7 GUACAMOLE-1956: Update BouncyCastle PKIX FIPS to latest compatible (v2.1.9). 2025-03-04 02:41:37 -08:00
Michael Jumper
51afe5ade8 GUACAMOLE-1956: Update BouncyCastle FIPS to latest compatible (v2.1.0). 2025-03-04 02:31:02 -08:00
Virtually Nick
ddd09969d8 GUACAMOLE-1239: Remove per-extension configuration for case-sensitivity, retaining only global configuration. 2024-10-31 13:30:46 -04:00
Virtually Nick
4d5101574a GUACAMOLE-1239: Make identifier comparison case-insensitive. 2024-10-02 09:23:27 -04:00
Mike Jumper
0301a1148a GUACAMOLE-1006: Merge support for reading any property value as a Collection. 2024-08-30 10:44:51 -07:00
Virtually Nick
9da1289677 GUACAMOLE-1006: Implement Collection support within GuacamoleProperty classes. 2024-08-30 10:58:31 -04:00
Mike Jumper
086802ad2f GUACAMOLE-1980: Merge client version update to 1.6.0. 2024-08-28 23:02:39 -07:00
James Muehlner
929f6c7f6d GUACAMOLE-1980: Update client versions to 1.6.0. 2024-08-29 00:16:00 +00:00
Alex Leitner
68a0d22d2a GUACAMOLE-1956: Bring Java and JavaScript dependencies up to date. 2024-08-21 14:39:54 -04:00
James Muehlner
ea7c5ef18e GUACAMOLE-1956: Switch guacamole-auth-sso-ssl to updated version of bc-fips. 2024-06-11 18:43:38 +00:00
Virtually Nick
13494baa4a GUACAMOLE-1289: Move AuthenticationSession components to guacamole-exit. 2024-03-29 00:57:40 +00:00
Virtually Nick
46db5f249d GUACAMOLE-1915: Bump versions for projects outside the 1.5.5 scope. 2024-01-30 12:37:45 -05:00
Mike Jumper
4d162810f7 GUACAMOLE-1887: Bump version numbers of projects outside 1.5.4 scope. 2023-11-23 08:18:35 -08:00
Mike Jumper
ed31d6f2e0 GUACAMOLE-839: Force usage of non-dynamic version of Bouncy Castle FIPS. 2023-10-06 12:17:15 -07:00
Mike Jumper
e46d06e6b8 GUACAMOLE-1780: Merge changes adding MFA compatibility to SSO support. 2023-07-06 08:27:31 -07:00
James Muehlner
e804e8f95d GUACAMOLE-1829: Correct versions of dependencies for remaining 1.5.2 versioned extensions. 2023-07-05 23:28:34 +00:00
James Muehlner
97f93fa5c5 GUACAMOLE-1780: Unify session reactivation/invalidation behavior. 2023-06-30 15:35:31 +00:00
James Muehlner
0de694c912 GUACAMOLE-1780: Allow SAML, SSL sessions to be resumed after another auth provider vetoes the auth attempt. 2023-06-27 23:28:09 +00:00
Mike Jumper
54cea4e80b GUACAMOLE-1790: Bump version numbers of components not within 1.5.2. 2023-05-17 17:00:46 -07:00
Mike Jumper
520edb32ee GUACAMOLE-1767: Correct parent project version (bumped to 1.5.1). 2023-04-10 09:12:56 -07:00
Michael Jumper
08e5938493 GUACAMOLE-839: Redirect user to proper URI for SSL/TLS client auth (rather than just refuse). 2023-03-28 13:36:15 -07:00
Michael Jumper
e6449d2c57 GUACAMOLE-1757: Ensure SSO provider list is added to login UI only once. 2023-03-23 12:30:58 -07:00
Michael Jumper
f98901f933 GUACAMOLE-839: Add sanity checks around parsed PEM data, which may indeed be null. 2023-03-08 09:34:52 -08:00
Michael Jumper
6424b063f2 GUACAMOLE-839: Correct WildcardURIGuacamoleProperty to correctly handle missing (null) properties. 2023-03-08 09:34:26 -08:00
Michael Jumper
82073a5976 GUACAMOLE-839: Correct typo in JavaDoc of decode() - "valid", not "value". 2023-03-07 16:38:51 -08:00
Michael Jumper
9f8bb71b0e GUACAMOLE-839: Correct JavaDoc for parameters of getUsername(). 2023-03-07 16:37:00 -08:00
Michael Jumper
d0574f8d82 GUACAMOLE-839: Use BouncyCastle for retrieval of certificate details.
Java's built-in support for reading X.509 certificates does not deal
well with PIV certificates containing the username as a "serialNumber"
attribute. Rather than exposing the string value of that attribute, the
Java implementation exposes a byte array that does not fully match the
string value shown by a tool like OpenSSL.

BouncyCastle, on the other hand, _does_ match the output of OpenSSL, and
provides a predictable means of decoding the certificate.
2023-03-07 16:36:37 -08:00
Michael Jumper
0b5b82cc48 GUACAMOLE-839: Allow accepted subject DNs to be restricted via configuration. 2023-03-01 09:10:53 -08:00
Michael Jumper
8255326512 GUACAMOLE-839: Move SSL/TLS client auth logic to separate service. 2023-03-01 09:10:53 -08:00
Michael Jumper
38f1360dec GUACAMOLE-839: Ensure SSL/TLS client auth failures are reflected in the Guacamole UI. 2023-03-01 09:10:53 -08:00
Michael Jumper
e2a6947ff6 GUACAMOLE-839: Implement base support for SSO using SSL/TLS authentication (certificates / smart cards). 2023-03-01 09:10:52 -08:00