Table of Contents
The quickconnect extension provides a connection bar on the Guacamole Client home page that allows users to type in the URI of a server to which they want to connect and the client will parse the URI and immediately establish the connection. The purpose of the extension is to allow situations where administrators want to allow users the flexibility of establishing their own connections without having to grant them access to edit connections or even to have to create the connections at all, aside from typing the URI.
Important
There are several implications of using this extension that should be well-understood by administrators prior to implementing it:
Connections established with this extension are created in-memory and only persist until the Guacamole session ends.
Connections created with this extension are not accessible to other users, and cannot be shared with other users.
This extension provides no functionality for authenticating users - it does not allow anonymous logins, and requires that users are successfully authenticated by another authentication module before it can be used.
The extension provides users the ability not only to establish connections, but also to set any of the parameters for a connection. There are security implications for this - for example, RDP file sharing can be used to pass through any directory available on the server running guacd to the remote desktop. This should be taken into consideration when enabling this extension and making sure that guacd is configured in a way that does not compromise sensitive system files by allowing access to them.
The quickconnect extension is available separately from the main
guacamole.war
. The link for this and all other
officially-supported and compatible extensions for a particular version of Guacamole are
provided in the release notes for that version. You can find the release notes for
current versions of Guacamole here: http://guacamole.apache.org/releases/.
The quickconnect extension is packaged as a .tar.gz
file containing
only the extension itself, guacamole-auth-quickconnect-1.0.0.jar
, which must
ultimately be placed in GUACAMOLE_HOME/extensions
.
Guacamole extensions are self-contained .jar
files which are
located within the GUACAMOLE_HOME/extensions
directory.
If you are unsure where GUACAMOLE_HOME
is located on
your system, please consult Chapter 5, Configuring Guacamole before
proceeding.
To install the extension, you must:
Create the
GUACAMOLE_HOME/extensions
directory, if it does not already exist.Place the
guacamole-auth-quickconnect-1.0.0.jar
file in theGUACAMOLE_HOME/extensions
directory.
Guacamole will only load newly-installed extensions during startup, so your servlet container will need to be restarted before the quickconnect extension can be used. Doing this will disconnect all active users, so be sure that it is safe to do so prior to attempting installation. When ready, restart your servlet container and give the extension a try.
The quickconnect extension provides a field on the home page that allows you to enter a Uniform Resource Identifier (URI) to create a connection. A URI is in the form:
protocol
://username
:password
@host
:port
/?parameters
The protocol
field can have any of the protocols supported
by Guacamole, as documented in Chapter 5, Configuring Guacamole. Many of the
protocols define a default port
value, with the exception of
VNC. The parameters
field can specify any of the
protocol-specific parameters as documented on the configuration page.
To establish a connection, simply type in a valid URI and either press "Enter" or click the connect button. This extension will parse the URI and create a new connection, and immediately start that connection in the current browser.
Here are a few examples of URIs:
ssh://linux1.example.com/
Connect to the server linux1.example.com using the SSH protocol on the default SSH port (22). This will result in prompting for both username and password.
vnc://linux1.example.com:5900/
Connect to the server linux1.example.com using the VNC protocol and specifying the port as 5900.
rdp://localuser@windows1.example.com/?security=rdp&ignore-cert=true&disable-audio=true&enable-drive=true&drive-path=/mnt/usb
Connect to the server windows1.example.com using the RDP protocol and the user "localuser". This URI also specifies several RDP-specific parameters on the connection, including forcing security mode to RDP (security=rdp), ignoring any certificate errors (ignore-cert=true), disabling audio pass-through (disable-audio=true), and enabling filesystem redirection (enable-drive=true) to the /mnt/usb folder on the system running guacd (drive-path=/mnt/usb).