Hello,
I would like to use wslink in combination with Apache in a Docker container (similar as the premade trame docker setups) to start an application for multiple users with external authentication.
As far as I understand…
At the moment, the sessions are only identified by their id, which is created by the launcher on the fly. No information is provided by the client during the initial session request.
What I want to do
I would like to use the Apache+wslink setup in combination with an external authentication service (e.g. https://dexidp.io/) which can handle all kinds of authentication and forwarding the authenticated users with their user-name in the header (e.g. X-Forwarded-User). So the launcher does not have to think about authentication at all. However, I have to inform the launcher/my app about my user-name to correctly assign them (for example to use the correct data for my app). At this point I would not really care about the session id in my app. All I need to know is the user name.
What I struggle with
How can I forward custom query parameters to my launcher? I assumed that I could do that with the field-parameter, but it did not work. The code below is an excerpt of my current setup:
Apache (reading the header and passing it as query parameter
<VirtualHost \*:80>
DocumentRoot /deploy/server/www
ErrorLog /proc/self/fd/2
LogLevel warn rewrite:trace3 headers:trace3 proxy:trace1
LogFormat "%h %l %u %t \"%r\" %>s %b \"UserName:%{X-User-Name}i\" \"XFWDU:%{X-Forwarded-User}i\" \"XRemote:%{X-Remote-User}i\" \"%{User-Agent}i\"" combined_user
CustomLog /proc/self/fd/1 combined_user
<Directory /deploy/server/www>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
FallbackResource /index.html
</Directory>
Header set Access-Control-Allow-Origin "\*"
RewriteEngine On
# Append userName for launcher endpoint; prefer X-Forwarded-User, then X-Remote-User, else 'unknown'
RewriteCond %{HTTP:X-Forwarded-User} ^([A-Za-z0-9._@-]+)$
RewriteRule ^/(launcher|paraview)(.*)$ http://localhost:9000/paraview$2?userName=%1 [P,QSA,L]
RewriteCond %{HTTP:X-Remote-User} ^([A-Za-z0-9._@-]+)$
RewriteRule ^/(launcher|paraview)(.*)$ http://localhost:9000/paraview$2?userName=%1 [P,QSA,L]
RewriteRule ^/(launcher|paraview)(.\*)$ http://localhost:9000/paraview$2?userName=unknown [P,QSA,L]
# WebSocket and HTTP proxying for launched apps
RewriteMap session-to-port txt:/opt/trame/proxy-mapping.txt
RewriteCond %{QUERY*STRING} ^sessionId=(.*)&path=(.\_)$ [NC]
RewriteRule ^/proxy.\*$ ws://${session-to-port:%1}/%2 [P]
</VirtualHost>
Launcher config
{
"configuration": {
"host": "0.0.0.0",
"port": 9000,
"endpoint": "paraview",
"log*dir": "/deploy/server/logs/launcher",
"proxy_file": "/opt/trame/proxy-mapping.txt",
"sessionURL": "ws://USE_HOST/proxy?sessionId=${id}&path=ws",
"timeout": 25,
"sanitize": {
"userName": {
"type": "regexp",
"regexp": "^[A-Za-z0-9.*@-]+$",
"default": "unknown"
}
},
"fields": ["userName"]
},
"resources": [
{ "host": "0.0.0.0", "port_range": [9001, 9500] }
],
"properties": { "userData": "/data" },
"apps": {
"trame": {
"cmd": [
"my_app",
"--host", "${host}",
"--port", "${port}",
"--server",
"--session-id", "${id}",
"--data-dir", "${userData}/${userName}",
"--user-name", "${userName}"
],
"ready_line": "App initiated"
}
}
}
Note that with this setup, “${userName}” is never resolved.
Am I missing something? Is this even supported by wslink?
I would appreciate any help!
Thanks