abba/guacamole-ext-wallix-sync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Add README, licences, authors and sample configuration files.

Browse Source
This commit is contained in:
Abba Soungui YOUNOUSS
2025-11-12 14:47:09 +01:00
parent ce92861f34
commit e4ace39b0f
5 changed files with 936 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
README.md Normal file
View File

@@ -0,0 +1,37 @@
# Wallix Sync Extension for Guacamole
This extension allows to synchronize configuration of Guacamole with Wallix bastion and allow access to target devices through a Web browser. The extensions consider Wallix as source of truth, so the synchronization is one way (from Wallix to Guacamole) and only Guacamole configuration is modified.
## Licence
Wallix Sync Extension for Guacamole is released under LGPL 3 licence
## How does it work?
The extension will periodically fetch information from Wallix bastion, compare them to current Guacamole configuration and update it as needed:
1. Users detected in Wallix will be created in Guacamole and their organization field will be set to Wallix.
2. Users previously added (those who belong to the organization called Wallix), but not found in the last query will be removed from Guacamole.
3. Groups detected in Wallix will be added in Guacamole.
4. Existing groups that were not found in the last query will be removed.
5. Changes of groups membership will be detected and updated.
6. Wallix target groups will be fetched and added to Guacamole as configuration groups.
7. Existing target groups that were not part of the last query will be removed.
8. Authorizations will be fetched from Wallix and for each one, permissions to corresponding connection group will be granted/removed.
## Prerequisite
1. The extensions consider Wallix as source of truth, so a dedicated Apache Guacamole server is required, because the extensions may delete some users, groups, and connections that are not in Wallix.
2. Guacamole must use a MariaDB database.
3. Wallix users must be able to connect to Guacamole using the same username. The best way to achieve this, is by using a centralized authentication mechanism. This extension has been tested on an infrastructure where Wallix and Guacamole use the same Active Directory domain as authentication service and it is the recommended deployment.
4. The server running Guacamole must be able to reach Wallix Bastion server and access to required ports: HTTP(S) for API calls; SSH, RDP, VNC for connections from guacd.
## Installation
1. Create a user named guacamole in Wallix and authorize API access to this user.
2. Take note of the following parameters :
1. URL of Wallix Bastion API (usually https://wallix_bastion_host/api)
2. Username created for Guacamole
3. API key of the guacamole user
3. Copy the extension jar file (i.e: guacamole-ext-wallix-sync-0.0.1.jar) to $GUACAMOLE_HOME/extensions folder of the Guacamole server.
4. Add the extension's specific paramter to guacamole.properties file (see in config/guacamole folder for a sample file)
1.
5. Restart Guacamole.