[
https://issues.apache.org/jira/browse/GUACAMOLE-362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16128501#comment-16128501
]
Nicklas Björk commented on GUACAMOLE-362:
-----------------------------------------
I have no Java programming experience so I haven't dared to write any code...
I have been browsing through the source code trying to figure out why
connection settings with tokens in the credential fields didn't work when
switching from LDAP to CAS. It seems like tokenFilter is only used by Simple
authentication and LDAP authentication, resulting in tokens not being replaced
when authenticating with the CAS extension. At least in my installation it
seems like Guacamole is trying to logon using ${GUAC_USERNAME} as the username
instead of replacing it with an empty string.
> CAS authentication and ClearPass
> --------------------------------
>
> Key: GUACAMOLE-362
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-362
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-cas
> Affects Versions: 0.9.13-incubating
> Reporter: Nicklas Björk
> Priority: Minor
>
> Because of the nature of logging in with CAS, Guacamole does not know the
> user password. That means that automatic login using the ${GUAC_USERNAME} and
> ${GUAC_PASSWORD} tokens can not be used. It actually seems like the tokens
> are not available at all when using CAS as authentication method.
> For the brave, CAS offers a functionality called ClearPass to deliver the
> password in an encrypted message to the requesting service
> (https://apereo.github.io/cas/5.1.x/integration/ClearPass.html). That could
> be a way to populate ${GUAC_PASSWORD}, as long as username and password is
> being used to authenticate the user in CAS. If the tokens are being used in a
> connection profile, but isn't populated, I guess it would make sense to fall
> back to manual login.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
