How to add a extension to guacamole?

I want to add an extension to guacamole. The Problem is first of all that there are two docker containers for guacamole and I don’t know in which one I should put the “.jar” file because I want to add the TOTP extension. In both containers, there isn’t the default GUACAMOLE_HOME path, normally under /etc/guacamole. There is only in the container “guacamole_guacamole_1” a path to /opt/guacamole with some folders, but if I create an extension folder with the .jar inside it doesn’t work and there is no error. It would be great if there is any easy way to add extensions.

Thank you for your help

1 Like

Hi, same here.
I am currently trying to set up SAML and TOTP.
I have found the folders in the Docker container under “/root/.guacamole/”.
These are linked to “/var/lib/docker/overlay2/{cyptevalue}/diff/root/.guacamole”.
As soon as you make the changes in this directory and then restart Guacamole, the files are overwritten.
So this is not very helpful, but it is a certain approach.
So there must be a folder structure somewhere in UCS where the original files are stored. These would then have to be adapted in order to activate TOPT or SAML.

But here I am also stuck.
It would be nice if someone here could help.

Hi Benedikt, Julian.

Did you use the (very, very, very old) Version from the app center?

A quick look into my actually Guacamole 1.5 docker installation:



Hi Stefan,

yes I’m using the “actual” version from the App Center.
This looks like a very old version.
I fond the same folder from the ldap config and it shows ldap version 0.9.13.
It looks like I should install the Guacamole docker on my own and add the Server to my UCS domain.
Would you recommend this?

Does the host also have to be in the domain, or does that not matter?

Best regards

i use own install docker on debian server on all my installs - the host has not to be joined - you may add ldap config in the guacamole docker, which i’m also not doing to have different password (with gaucamole db auth and 2fa) then in univention - yes have to maintain them there but think is more secure as user able to connect from e.g. internet cafe, hotelpc or what ever my have a risc for keyboard logger