Table of Contents

X2Go Session Broker Protocol: Plain Text

Provided by Oleksandr Shneyder, edited by Mike Gabriel

Client implementations:

The X2Go project offers a public X2Go Session Broker implementation. However, there also exist several other implementations in large-scale production deployments.

In theory, you can implement your own X2Go Session Broker by meeting some basic demands.

This documentation explains a minimal broker implementation along the code of a Perl script.

In this example, the X2Go Session Broker consists of two components:

  1. (a Perl module, the broker backend)
  2. the broker frontend (either of the below):
    1. x2gobroker.cgi (a CGI script written in Perl → HTTP based broker)
    2. x2gobroker (a command line script written in Perl → SSH based broker)

X2Go Session Broker: an Example Implementation

Broker Module / Backend

The package can be considered as the broker backend. It has to implement two functions at minimal (names are arbitrary):

If you want to use authentication with your session broker, the broker backend also has to provide a function called

A very small and simple broker backend can look like this:

package x2gobroker;
use strict;
use base 'Exporter';
our @EXPORT = ('checkAccess', 'listSessions', 'selectSession');

# We have two session profiles (hard-coded in this example)
#   + sid=123456789
#   + sid=abcdefg
sub selectProfile
  my ($user, $sid)=@_;
  if($sid eq "123456789")
      print "\n";
  if($sid eq "abcdefg")
      print "\n";

# Do not check authentication data,
# return true on any combination of username/password.
# Modify to your needs if you need authentication

sub checkAccess
        return 1;

# configuration for our two session profiles

sub listSessions
  my $user=shift;
name=X2Go Session

name= Test X2Go Session 2



Broker Frontends

X2Go Client can access a broker module using one of two broker methods:

Broker Frontend: HTTP(s)

The implementation of an HTTP(S) X2Go Session Broker is usually a CGI script, which can look like this (if written in Perl):


use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use lib "/usr/lib/x2go";
use x2gobroker;
my $cgi = new CGI;

my @formValues = $cgi->param();

print $cgi->header(-type    =>'text/plain',
                         -expires =>'+1h'),
      $cgi->start_html(  -title   =>'X2Go Broker',
                         -author  =>'',
                         -base    =>'true',
                         -meta    =>{'keywords'   =>'x2go',
                         'description'=>'X2Go Broker'});

if (!checkAccess($cgi->param('user'), $cgi->param('password'),
$cgi->param('authid')) == 1)
  print $cgi->end_html();
  exit (0);

print $cgi->start_form(),
$cgi->strong('Access granted');

if ($cgi->param('task') eq 'listsessions')

if ($cgi->param('task') eq 'selectsession')
   selectSessions($cgi->param('user'), $cgi->param('sid'));
 print $cgi->end_html();

sub printNoAccess
      print $cgi->start_form(),
            $cgi->strong('Access denied'),

Broker Frontend: SSH

An SSH broker implementation can be a simple Perl script that gets run from the command line via SSH. Such a script could look like this:

use strict;
use lib "/usr/lib/x2go";
use x2gobroker;
use Getopt::Long;

my $user=getlogin();
my $authid;
my $task;
my $sid;

# You don't need to check password on ssh brocker.
# But possible you still want to check auth id

#if (!checkAccess($user, $authid) == 1)
#  printNoAccess();
#  exit (0);

print "Access granted\n";
GetOptions('task=s' => \$task,
           'sid=s' => \$sid);

if(! $task)
    die "parameter --task is required";

if ($task  eq 'listsessions')
elsif ($task eq 'selectsession')
   if(! $sid)
       die "parameter --sid is required";
   selectSession($user, $sid);
   die "task \"".$task."\" not implemented on broker\n";

sub printNoAccess
      die 'Access denied';