Guacamole REST API Examples

guacamole_rest_api_examples.md

Get token

curl -X POST -d 'username=MYUSERNAME&password=MYPASSWORD' http://localhost:8080/guacamole/api/tokens

output

{
  "authToken": "C90FE11682EE3A8CCA339F1135FF02D0A97CDDDE440A970B559D005517BE6EA8",
  "username": "guacadmin",
  "dataSource": "postgresql",
  "availableDataSources": [
    "postgresql",
    "postgresql-shared"
  ]
}

Encode client url string

1. Get connections list

curl 'http://localhost:8080/guacamole/api/session/data/postgresql/connections?token=<TOKEN>'| jq

output

{
  "1": {
    "name": "win",
    "identifier": "1",
    "parentIdentifier": "ROOT",
    "protocol": "rdp",
    "attributes": {
      "guacd-encryption": null,
      "failover-only": null,
      "weight": null,
      "max-connections": null,
      "guacd-hostname": null,
      "guacd-port": null,
      "max-connections-per-user": null
    },
    "activeConnections": 0,
    "lastActive": 1591774964770
  },
  "2": {
    "name": "win1",
    "identifier": "2",
    "parentIdentifier": "ROOT",
    "protocol": "rdp",
    "attributes": {
      "guacd-encryption": null,
      "failover-only": null,
      "weight": null,
      "max-connections": null,
      "guacd-hostname": null,
      "guacd-port": null,
      "max-connections-per-user": null
    },
    "activeConnections": 1,
    "lastActive": 1591774407688
  }
}

Notes (link):

The necessary information is indeed there - you just need to know how to generate the URL. The base64 bit after ".../guacamole/client/" in the URL of a connection is built from the following information:

1. The connection identifier (in MySQL / PostgreSQL, this will be the connection ID)
2. The type ("c" for connections and "g" for balancing groups)
3. The identifier of the auth provider storing the connection data (usually "postgresql", "mysql", or "ldap" - in your case the correct value would be "mysql")

Each of these components separated from the other by a single NULL character (U+0000), with the resulting string encoded with base64.

2. Encode string

printf '2\0c\0postgresql' | base64

output

MgBjAHBvc3RncmVzcWw=

3. URL

https://localhost:8080/guacamole/#/client/MgBjAHBvc3RncmVzcWw=

Why am I being forbiden while trying to create new connection by passing connection credentials?

Input example.
//dataSource = mysql
//name = pc1
//ipAddress = 10.10.10.10
//vncPassword = 1234
//guacUser = guacUser
//guacPass = guacPass
//authToken = C73AFEFFB51E5BFC403771D6C48B3DA4400A28B7D4C73DDD10204B1B42B8A94E

private createConnection(authToken: string, dataSource: string, name: string, ipAddress: string, vncPassword: string) {
var port = '5900';
const connectionData = {
"parentIdentifier": "ROOT",
"name": name,
"protocol": "vnc",
"attributes": {
"failover- only": "",
"guacd-encryption": "",
"guacd-hostname": "",
"guacd-port": "",
"max-connections": "",
"max-connections-per-user": "",
"weight": ""

  },
  "parameters": {
    "hostname": ipAddress,
    "port": port,
    "username": this.guacUser,
    "password": this.guacPass,
    //"password": "vncPassword" // Pass VNC password if required
  }
};

const headers = new HttpHeaders().set('Authorization', `Bearer ${authToken}`);
return this.http.post(`${this.baseUrl}/session/data/${dataSource}/connections`, connectionData, { headers });

}

What is the datasource string to use when user-mapping.xml is used for authentication?

The base64 encode is useful. I couldn't find from guacamole doc. But found in their code

printf '2\0c\0postgresql' | base64

The null char is the key.