released: true title: 1.3.0 date: 2021-01-01 11:58:09 -0800 summary: > Automatic prompting for remote desktop credentials, user group support for CAS and OpenID, bug fixes.
artifact-root: “https://apache.org/dyn/closer.cgi?action=download&filename=” checksum-root: “https://downloads.apache.org/” download-path: “guacamole/1.3.0/” checksum-suffixes: “PGP” : “.asc” “SHA-256” : “.sha256”
source-dist: - “source/guacamole-client-1.3.0.tar.gz” - “source/guacamole-server-1.3.0.tar.gz”
binary-dist: - “binary/guacamole-1.3.0.war” - “binary/guacamole-auth-cas-1.3.0.tar.gz” - “binary/guacamole-auth-duo-1.3.0.tar.gz” - “binary/guacamole-auth-header-1.2.0.tar.gz” - “binary/guacamole-auth-jdbc-1.3.0.tar.gz” - “binary/guacamole-auth-ldap-1.3.0.tar.gz” - “binary/guacamole-auth-openid-1.3.0.tar.gz” - “binary/guacamole-auth-quickconnect-1.3.0.tar.gz” - “binary/guacamole-auth-saml-1.3.0.tar.gz” - “binary/guacamole-auth-totp-1.3.0.tar.gz”
documentation: “Manual” : “/doc/1.3.0/gug” “guacamole-common” : “/doc/1.3.0/guacamole-common” “guacamole-common-js” : “/doc/1.3.0/guacamole-common-js” “guacamole-ext” : “/doc/1.3.0/guacamole-ext” “libguac” : “/doc/1.3.0/libguac”
The 1.3.0 release features support for automatically prompting users for their remote desktop credentials, user group support for both CAS and OpenID, and several bug fixes. For a full list of all changes in this release, please see the changelog.
The 1.3.0 release is compatible with older 1.x components. You should upgrade older components to 1.3.0 when possible, however things should continue to work correctly in the interim:
Regardless of inter-component compatibility, there are changes in 1.3.0 which may affect downstream users of Guacamole's APIs and the Guacamole protocol. Please see the deprecation / compatibility notes section for more information.
Historically, Guacamole has required that remote desktop credentials either be stored alongside connection configuration, passed through from web application authentication (typically Active Directory), or retrieved interactively by the remote desktop itself.
In addition to these methods, Guacamole will now automatically prompt the user to enter any credentials not already provided by the administrator if those credentials are required.
If using a CAS or OpenID identity provider to automatically sign in your users, user groups can now also be retrieved from the identity provider. Similar to the support already present for SAML, this support allows the admininstrator to define how user groups are exposed by the identity provider and allow those user groups to affect the permissions granted to their members within Guacamole.
ldap-user-attributes
property to Guacamole Docker image (GUACAMOLE-987)ldap-dereference-aliases
, ldap-follow-referrals
, ldap-max-referral-hops
, and ldap-operation-timeout
properties to Guacamole Docker image (GUACAMOLE-1147)totp-period
is set (GUACAMOLE-1146)skip-if-unavailable
breaks expired password change (GUACAMOLE-1152)disable-copy
flag does not work (GUACAMOLE-1158)allowed-languages
property incorrectly documented as available-languages
(GUACAMOLE-1107)UNIX_TIME
macro (GUACAMOLE-949)nbproject/
directory from git via .gitignore
(GUACAMOLE-1151)Each 1.x release of Apache Guacamole should be compatible with components of older 1.x releases. This compatibility is intended at the Guacamole protocol level and at the extension level, but not necessarily at the API level. This means:
As of 1.3.0, the following changes have been made which affect compatibility with past releases:
GuacamoleSocket
should now implement getProtocol()
The required
and argv
instructions both refer to connection parameters by name. As it is the underlying protocol of a connection that determines the semantics of connection parameters, client implementations will commonly need to expose this information in some way. The mainline web application provided by Apache Guacamole is one such implementation.
A new getProtocol()
function has been added to GuacamoleSocket
to facilitate this, and implementations of GuacamoleSocket
should aim to provide implementations of this function with that in mind.
This will happen automatically for ConfiguredGuacamoleSocket
.
getHistory()
for User
and Connection
interfacesThe User
and Connection
interfaces have both continued to define a basic getHistory()
function for retrieving a raw list of history records. Unlike the getUserHistory()
and getConnectionHistory()
functions exposed by the UserContext
, the getHistory()
functions do not support filtering or searching.
The old getHistory()
functions have now been deprecated in favor of newer functions that do support filtering. Implementations that provide getHistory()
will continue to work, but should migrate to the new functions when possible.
required
instructionTo allow the server to request that the client provide credentials (or any other parameters), a new required
instruction has been added to the Guacamole protocol. This instruction informs the client that one or more connection parameters need to be specified for the connection to continue. If the client indicated support for the required
instruction during the initial connection handshake, the client is then expected to supply values for each of these parameters using argv
streams.
protocol_version
added to guac_user_info
structureA new protocol_version
member has been added to guac_user_info
to allow implementations to make decisions based on the Guacamole protocol version in use, affecting the size of this structure.
Additionally, because guac_user_info
forms a part of guac_user
, this change also affects the memory offsets of members of the guac_user
structure which follow the info
member, such as data
and various instruction handlers.
Downstream usages of libguac which make use of guac_user
or guac_user_info
will need to be rebuilt to ensure that the structure sizes and memory offsets used are correct.