Uploaded image for project: 'Apache Guacamole - Contributions'
  1. Apache Guacamole - Contributions
  2. GUAC-1539

Allow extensions to veto authentication results

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Done
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: guacamole, guacamole-ext
    • Labels:
    • Sprint:
      DEV 2016-05-27
    • Story Points:
      5

      Description

      While Guacamole supports authentication from multiple sources (GUAC-586), this only works in the positive direction, with authentication denied only if all auth providers fail.

      For the sake of MFA, and to allow the scope of authentication to be limited (ie: only allow LDAP users which actually have data in MySQL/PostgreSQL), extensions must also be able to veto the authentication results of other extensions.

      As such a "veto" may naturally require requesting additional credentials not originally provided, as in the case of MFA, this should probably be handled through the existing CredentialsException mechanisms.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mike.jumper Michael Jumper
              Reporter:
              mike.jumper Michael Jumper
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: