This article includes updates for Digital Access 6.3.2.
This article describes how to configure Apache Guacamole as a web resource in the Smart ID Digital Access component.
Step-by-step instruction
Install Guacamole
1. Log in via SSH to the Guacamole server.
2. Download the Guacamole 1.5 > nexus-guacamole-1.5.1.tar.gz file from the Nexus support portal and unzip it in your working directory.
3. Install Guacamole using this command:

    bash hag-docker-guacamole.sh

Create web resource
1. In Digital Access Admin, go to Manage Resource Access.
2. Click Web Resources > Add Web Resource Host. Enable resource is checked by default.
3. Enter a Display Name, the Host of the Guacamole server and the HTTP Port (8080).
4. Under Portal settings, check Make resource available in the Portal.
5. Upload an icon image and enter the link text.
6. Click Next until the web resource is created and you see the Advanced Settings... option.

1. Either continue from the previous step, or select the web resource under Registered Resources and click Edit Resource Host...
2. Click Advanced Settings...
3. At the bottom of the page, click Add Attribute... under section Back-end Attributes.
4. Add a back-end attribute:
   - Enter guac as Name.
   - Use Header as Type.
   - Use Static Value as Source.
   - Choose None as Encoding.
   - As Value, add username, password and IP address or DNS name of RDP host:

        <protocol>://username:password@<target-server>/?<parameterkey1>=<parametervalue1>&<parameterkey2>=<parametervalue2>

     This could look like:

        rdp://agadmin:admi123!@192.168.1.2/?color-depth=16

     or

        ssh://192.x.x.x/

     protocol is one of: rdp, ssh, telnet, vnc. Additional parameters following: key=value,key=value... More details can be found here: https://guacamole.apache.org/doc/gug/configuring-guacamole.html#connection-configuration
5. Click Add.
6. Click Next and Finish Wizard.

1. In Digital Access Admin, go to Manage Resource Access.
2. Select the web resource under Registered Resources.
3. Click Add Resource Path...
4. Enter guacamole as Path.
5. Enter the link text and select an icon to make the resource available in the portal. This is the link on the access portal required to access the resource.

Single Sign-on settings
Add Single Sign-On templates
If the username and password should be picked from a specific SSO domain, make the following adaptations. Refer also to Single sign-on script in Digital Access, headings "Upload script files" and "Add filters". Follow the instructions below for these scripts:
...
Admin, click Browse. Upload the provided files (without changing the file names) to access-point/custom-files/scripts

1. In Digital Access Admin, go to Manage Resource Access > Global Resource Settings.
2. Go to the Filters tab and click Add Filter...
3. As Display Name enter sso_username.
4. As Script Name enter sso_username.
5. Select Request as Type of Filter.
6. Select the Guacamole web resource as Resource Host.
7. Enter * in Path.
8. Select Headers as Apply Filter To.
9. Click Add.
10. Add filters for sso_password, sso_domain, and sso_uid.

Set internal cookies for User ID
1. In Digital Access Admin, go to Manage Resource Access > Global Resource Settings.
2. Go to the Advanced tab.
3. Check User ID under Internal Cookies.
4. Check Use "Cache-Control: no store" under Cache Control.
5. Click Save.

Create an “SSO Domain” with the credentials you need
See Add single sign-on domain in Digital Access.

Update the Web resource HOST
1. In Digital Access Admin, go to Manage Resource Access.
2. Click Web Resources > Edit Web Resources and select the web resource host you created.
   To use the scripts for SSO, sso_username and sso_password have to be used within the Guacamole resource, like:

        rdp://sso_username:sso_password@192.168.1.2/

   This is explained in the following steps.
3. Under heading Single Sign-On:
   - Check Enable Single Sign-On.
   - Select Script as Single Sign-On Type.
   - Select the SSO domain you created before as SSO Domain.
4. Click Advanced settings...
5. Click Edit Attribute guac.
6. Update the Header to use 'sso_username' and 'sso_password' etc. to use the dynamic values.
7. Click Save and then publish the updates.
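
A pre-publish check for the guac header value described in the back-end attribute and SSO steps above, as an added example that is not part of the original article or of Digital Access. It checks the protocol against the four listed here and flags a literal password where the sso_password placeholder could be used, returning only a redacted form; the function name, the finding labels and the use of generic URL splitting are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

PROTOCOLS = {"rdp", "ssh", "telnet", "vnc"}          # protocols listed on the page
SSO_USER, SSO_PASS = "sso_username", "sso_password"  # placeholder names from the page


def lint_guac_value(value):
    """Check one guac attribute value; return (info, findings).

    Assumption: the value splits like a generic URL. Finding labels are
    hypothetical. The password is never returned, so the result can be logged.
    """
    url = urlsplit(value)
    findings = []
    if url.scheme not in PROTOCOLS:
        findings.append("unsupported-protocol")
    if not url.hostname:
        findings.append("missing-target-server")
    if url.password is not None and url.password != SSO_PASS:
        findings.append("static-password")
    # One SSO placeholder next to a literal credential is usually a typo.
    if (url.username == SSO_USER) != (url.password == SSO_PASS):
        findings.append("mixed-sso-and-static")

    creds = ""
    if url.username is not None:
        creds = url.username
        if url.password is not None:
            creds += ":" + (SSO_PASS if url.password == SSO_PASS else "***")
        creds += "@"
    hostport = url.netloc.rpartition("@")[2]
    redacted = f"{url.scheme}://{creds}{hostport}{url.path}"
    if url.query:
        redacted += "?" + url.query
    info = {
        "protocol": url.scheme,
        "target": url.hostname,
        "params": dict(parse_qsl(url.query, keep_blank_values=True)),
        "redacted": redacted,
    }
    return info, findings


if __name__ == "__main__":
    # The three sample values are the ones shown on this page.
    for sample in ("rdp://agadmin:admi123!@192.168.1.2/?color-depth=16",
                   "ssh://192.x.x.x/",
                   "rdp://sso_username:sso_password@192.168.1.2/"):
        info, findings = lint_guac_value(sample)
        print(info["redacted"], findings or "ok")
```
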

Add multiple web resources to a Guacamole server instance
1. Create a new DNS entry for the Guacamole server (add a CNAME).
2. Follow the same steps as for the first connection.
3. If you want to use SSO, you must add a filter for the new CNAME. Follow the instructions in Add filters under heading Single Sign-On settings.