.. meta::
   :description: Instructions for setting up and using ThinLinc Web
                 Integration, allowing web servers to initiate ThinLinc
                 client connections with customized configurations
                 through CGI scripts.

.. _clientplatforms_web_integration:

Launching the client from a web page
------------------------------------

This feature allows a web server, such as an intranet or a web portal,
to initiate a ThinLinc client connection with a given configuration on
behalf of a user.

.. _clientplatforms_web_integration_requirements:

Requirements
~~~~~~~~~~~~

Web Integration requires an Apache HTTP Server, configured for TLS, with
the ability to run CGI scripts.

.. note::

   Some Linux distributions distributes their Apache HTTP Server with
   the mod_cgi module disabled. This module is required for Web
   Integration to work. On Ubuntu systems, it can be enabled by running
   the :command:`a2enmod cgi` command and restarting the httpd service.

.. note::

   If Web Integration is used over HTTP, an attacker with access to the
   network may be able to intercept user passwords. To protect from this
   happening, Web Integration automatically redirects to a HTTPS
   connection when HTTP is used.

.. _clientplatforms_web_integration_installation:

Installation
~~~~~~~~~~~~

The Web Integration feature is not enabled by default in a ThinLinc
installation. An installation script,
:file:`/opt/thinlinc/share/web_integration/install-web-integration`, is
provided for ease of installation.

.. code:: console

   $ sudo /opt/thinlinc/share/web_integration/install-web-integration

.. note::

   After installing the Apache HTTP configuration file, make sure to
   restart the httpd service to load the new configuration.

While the installation script works as-is on most supported platforms,
two environment variables grants you more control over where the
configuration file is installed. This can be useful if you have httpd
installed at a custom location.

.. environ:: APACHE_CONF_DIR

   If your Apache HTTP Server has been installed to a non-standard
   location, set this environment variable to tell the installation
   script where the configuration directory is located.

   If this parameter is unset, the installation script will attempt to
   find the configuration directory from a list of known locations.

   .. code:: console

      $ sudo env APACHE_CONF_DIR=/usr/local/etc/httpd/conf.d \
          /opt/thinlinc/share/web_integration/install-web-integration

.. environ:: APACHE_CONF_NAME

   The default behavior of the installation script is to install the
   configuration file in the configuration directory with the name
   :file:`thinlinc.conf`. If you already have a file with that name in
   the configuration directory that you wish to keep, set this
   environment variable to a different name.

   .. code:: console

      $ sudo env APACHE_CONF_NAME=web-integration.conf \
          /opt/thinlinc/share/web_integration/install-web-integration

.. _clientplatforms_web_integration_usage:

Usage
~~~~~

The process works like this:

1. The CGI script is called with the desired parameters.

2. The CGI script generates a "launch file", which is a normal client
   configuration file. When the browser receives this file, it launches
   the locally installed ThinLinc client.

The launch file delivered to the client is generated from the template
:file:`/opt/thinlinc/etc/tlclient.conf.webtemplate`. The CGI script
performs some substitutions on this file, before sending it to the
client. Currently, the following variables are substituted:

``$server_name$``
   The server name where the CGI script resides.

``$login_name$``
   The username, specified by the ``username`` CGI parameter.

``$password$``
   The password in hexadecimal ASCII notation, specified by the
   ``password`` or ``hexpassword`` CGI parameters.

``$autologin$``
   The value of the ``autologin`` CGI parameter.

.. _clientplatforms_tlclient_cgi:

The CGI script tlclient.cgi
~~~~~~~~~~~~~~~~~~~~~~~~~~~

The CGI script :file:`tlclient.cgi` is used to start the native client,
when launched from a web page. It accepts many parameters which affects
its operation. These are described below:

``server_name``
   The desired server name.

``username``
   The desired username. No default.

``password``
   The desired password, in plain text. No default.

``hexpassword``
   The desired password, in hexadecimal ASCII notation. This parameter
   overrides the ``password`` parameter. No default.

``redirto``
   After launching the native client, the browser will redirect to the
   web page specified by this parameter. Default value: the empty
   string.

``loginsubmit``
   This boolean parameter specifies if a login should be directly
   executed, instead of showing a login form. Default value: ``0``

``autologin``
   This boolean parameter specifies if the native client should
   automatically connect to the specified server at startup. Default
   value: ``1``

``start_program_enabled``
   This boolean parameter specifies if the native client should request
   that the server starts the session with the command supplied by the
   client, as indicated by the ``start_program_command`` parameter.
   Default value: ``0``

``start_program_command``
   This parameter specifies the command to use when starting the
   session. Default value: ``"tl-single-app firefox"``.

``displayurl``
   This boolean parameter can be used for debugging and development
   purposes. It will display a URL with all submitted parameters, and
   do nothing else. Default value: ``0``

``shadowing_enabled``
   This boolean parameter specifies if the native client should activate
   shadowing. Default value: ``0``

``shadow_name``
   This parameter specifies the user to shadow. Default value is the
   empty string.

To make it easier to test various parameters, the HTML file
:file:`cgitest.html` is included, in the same location as
:file:`tlclient.cgi`. It also demonstrates how to create icons on web
pages, which launches ThinLinc sessions.
