Wallix Sync Extension for Guacamole
This extension synchronizes the Guacamole configuration with a Wallix Bastion and allows access to target devices through a web browser. The extension treats Wallix as the source of truth, so the synchronization is one-way (from Wallix to Guacamole) and only the Guacamole configuration is modified.
Licence
Wallix Sync Extension for Guacamole is released under the LGPL 3 licence.
How does it work?
The extension periodically fetches information from the Wallix Bastion, compares it to the current Guacamole configuration, and updates Guacamole as needed:
- Users detected in Wallix will be created in Guacamole and their organization field will be set to Wallix.
- Users previously added (those who belong to the organization called Wallix), but not found in the last query will be removed from Guacamole.
- Groups detected in Wallix will be added in Guacamole.
- Existing groups that were not found in the last query will be removed.
- Changes in group membership will be detected and updated.
- Wallix target groups will be fetched and added to Guacamole as configuration groups.
- Existing target groups that were not part of the last query will be removed.
- Authorizations will be fetched from Wallix and, for each one, permissions on the corresponding connection group will be granted or removed.
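The user and group rules above can be modelled as a dry-run reconciliation that computes the changes without applying them. This is an added example, not the extension's own code; `GuacState`, `Plan`, `plan_sync` and the sample data are hypothetical names and constructed values, and leaving an existing same-named user untouched is an assumption of the example.

```python
from dataclasses import dataclass, field

WALLIX_ORG = "Wallix"  # organization value the README says synced users carry

@dataclass
class GuacState:
    """Constructed stand-in for Guacamole's current configuration."""
    users: dict    # username -> organization (None if unset)
    groups: dict   # group name -> set of member usernames

@dataclass
class Plan:
    create_users: set = field(default_factory=set)
    delete_users: set = field(default_factory=set)
    create_groups: set = field(default_factory=set)
    delete_groups: set = field(default_factory=set)
    membership: dict = field(default_factory=dict)  # group -> (add, remove)

def plan_sync(wallix_users, wallix_groups, guac):
    """Compute the one-way changes (Wallix -> Guacamole) without applying them."""
    plan = Plan()
    plan.create_users = set(wallix_users) - set(guac.users)
    # Only users previously tagged with the Wallix organization are removed.
    plan.delete_users = {u for u, org in guac.users.items()
                         if org == WALLIX_ORG and u not in wallix_users}
    plan.create_groups = set(wallix_groups) - set(guac.groups)
    # The README gives groups no such tag: any group missing from Wallix goes.
    plan.delete_groups = set(guac.groups) - set(wallix_groups)
    for name, want in wallix_groups.items():
        have = guac.groups.get(name, set())
        add, remove = set(want) - have, have - set(want)
        if add or remove:
            plan.membership[name] = (add, remove)
    return plan

# Constructed sample data: what Wallix reports vs. what Guacamole holds.
SAMPLE_WALLIX_USERS = {"alice", "bob"}
SAMPLE_WALLIX_GROUPS = {"dba": {"alice"}, "netops": {"alice", "bob"}}
SAMPLE_GUAC = GuacState(
    users={"guacadmin": None, "alice": WALLIX_ORG, "carol": WALLIX_ORG},
    groups={"dba": {"alice", "carol"}, "local-ops": {"guacadmin"}},
)

if __name__ == "__main__":
    print(plan_sync(SAMPLE_WALLIX_USERS, SAMPLE_WALLIX_GROUPS, SAMPLE_GUAC))
```

In the sample, the locally created `guacadmin` user survives because it lacks the Wallix organization tag, while the locally created `local-ops` group is planned for removal.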
Prerequisite
- The extension treats Wallix as the source of truth, so a dedicated Apache Guacamole server is required: the extension may delete users, groups, and connections that are not in Wallix.
- Guacamole must use a MariaDB database.
- Wallix users must be able to connect to Guacamole using the same username. The best way to achieve this is to use a centralized authentication mechanism. This extension has been tested on an infrastructure where Wallix and Guacamole use the same Active Directory domain as their authentication service, which is the recommended deployment.
- The server running Guacamole must be able to reach the Wallix Bastion server on the required ports: HTTP(S) for API calls; SSH, RDP, VNC for connections from guacd.
Installation
- Create a user named guacamole in Wallix and authorize API access to this user.
- Take note of the following parameters:
  - URL of the Wallix Bastion API (usually https://wallix_bastion_host/api)
  - Username created for Guacamole
  - API key of the guacamole user
- Copy the extension jar file (e.g. guacamole-ext-wallix-sync-0.0.1.jar) to the $GUACAMOLE_HOME/extensions folder of the Guacamole server.
- Add the extension's specific parameters to the guacamole.properties file (see the config/guacamole folder for a sample file).
- Restart Guacamole.