Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients


This article describes how to configure Apache Guacamole as a web resource in Smart ID Digital Access component (Hybrid Access Gateway).


Prerequisites

Step-by-step instruction

 Install Guacamole
  1. Log in via SSH to the Guacamole server.
  2. Install Guacamole using this command:

    wget -q -O - https://us.nexusgroup.com/dl/hag-docker-guacamole_1.1.0.sh | bash
 Create web resource
  1. In Digital Access Admin, go to Manage Resource Access.
  2. Click Web Resources > Add Web Resource Host.
  3. Enter a Display Name, the Host of the Guacamole server and the Port (8080). 
  4. Disable Portal settings, so no portal item will be created. 
  5. Click Next until the wizard is done and the web resource has been created.
 Create path
  1. Select the web resource under Registered Resources
  2. Click Add Resource Path...
  3. As Path, enter the value guacamole/#/client/
  4. Disable Portal settings
  5. Finish wizard by clicking Next.
 Add Guacamole resource
  1. Select the web resource under Registered Resources
  2. Click Edit Resource Host...
  3. Go to Advanced Settings tab.
  4. At the bottom of the page, click Add Attribute under section Back-end Attributes.
  5. Add one or more back-end attributes with name scheme GUAC-1, GUAC-2, etc. 
    1. Use Header as Type.
    2. Use Static Value as Source.
    3. Choose None as Encoding
    4. As Value, add username, password and IP address of RDP host as follows:

      <protocol>://username:password@<target-server>/?<parameterkey1>=<parametervalue1>&<parameterkey2>=<parametervalue2>

      This could look like:

      rdp://agadmin:admi123!@192.168.1.2/?color-depth=16

      protocol is one of: rdp, ssh, telnet, vnc
      Additional parameters follow: key=value,key=value...
      More details can be found here: https://guacamole.apache.org/doc/gug/configuring-guacamole.html#connection-configuration


    5. Click Add.
 Add portal item

If there should be a portal item that links directly into the Guacamole target, a web resource path has to be created. 

  1. Select the web resource under Registered Resources
  2. Click Add Resource Path...
  3. As Path, enter the value guacamole/#/client/GUAC-1 or another Guacamole resource that was created in the previous step.
  4. Enable Portal settings
  5. Choose an Icon and Link Text.
  6. Finish wizard by clicking Next.
 Use SSO domain

If the username and password should be picked from a specific SSO domain, make the following adaptations. Refer also to Single sign-on script in Digital Access, headings "Upload script files" and "Add filters".

Follow the instructions below for these scripts:

Upload script files

  1. In Digital Access Admin, click Browse.
  2. Upload the provided files (without changing the file names) to access-point/files/custom-files/scripts.

Add filters

  1. Click Global Resource Settings.
  2. Go to the Filters tab and click Add Filter
  3. As Display Name enter sso_username
  4. As Script Name enter sso_username
  5. Select Request as Type of Filter.
  6. Select the Guacamole web resource as Resource Host.
  7. Enter * in Path.
  8. Select Headers as Apply Filter To.

To use the scripts for SSO, sso_username and sso_password have to be used within the Guacamole resource, like:

rdp://sso_username:sso_password@192.168.1.2/
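
An added example (not part of the Nexus documentation or product code): a Python check that parses a GUAC-n header value in the format shown above, redacts a static password for logs or configuration review, and reports whether the value uses the sso_username/sso_password placeholders. The function names and the splitting rules (last '@' ends the credentials, first ':' ends the username, parameters joined with '&') are assumptions of this example.

```python
from urllib.parse import parse_qsl

ALLOWED_PROTOCOLS = {"rdp", "ssh", "telnet", "vnc"}  # protocols listed on this page
SSO_PLACEHOLDERS = ("sso_username", "sso_password")  # names used with the SSO filters


def parse_guac_value(value):
    """Split a GUAC-n back-end attribute value into its parts.

    Assumed rules (not taken from Digital Access itself): the last '@' ends
    the credentials, so a password may contain '@'; the first ':' ends the
    username, so a password may contain ':'.
    """
    protocol, sep, rest = value.partition("://")
    if not sep or protocol not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unsupported or missing protocol: {protocol!r}")
    creds, at, target = rest.rpartition("@")
    if not at:
        raise ValueError("missing username:password@ part")
    username, colon, password = creds.partition(":")
    if not colon or not username:
        raise ValueError("credentials must be username:password")
    host, _, query = target.partition("/?")
    host = host.rstrip("/")
    if not host:
        raise ValueError("missing target server")
    return {
        "protocol": protocol,
        "username": username,
        "password": password,
        "host": host,
        "params": dict(parse_qsl(query, keep_blank_values=True)),
    }


def audit_guac_value(value):
    """Return (redacted_value, uses_static_credentials) for review or logging."""
    p = parse_guac_value(value)
    static = (p["username"], p["password"]) != SSO_PLACEHOLDERS
    shown = "***" if static else p["password"]  # placeholders are not secrets
    redacted = f'{p["protocol"]}://{p["username"]}:{shown}@{p["host"]}/'
    query = "&".join(f"{k}={v}" for k, v in p["params"].items())
    if query:
        redacted += "?" + query
    return redacted, static
```

Run audit_guac_value over every GUAC-n value before it is stored or logged; a True second element marks an attribute that carries a static password in the resource configuration.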

This article is valid from Digital Access 6.0
