OK - looks like there's general consensus on all this. I've created the "staging/1.3.0" branches for all relevant repositories and tagged all discussed issues accordingly. The list of all issues in 1.3.0 scope:
GUACAMOLE-221 - Parameter prompting within client interface GUACAMOLE-753 - Add TOTP auth method to start.sh for Docker image GUACAMOLE-760 - add timezone info using DB Connection string GUACAMOLE-793 - CAS Provider returns Group - like LDAP Provider GUACAMOLE-819 - Documented Duo secret key length is incorrect GUACAMOLE-857 - Add Docker Image Support for HTTP Header-Based Authentication GUACAMOLE-903 - Improved Chinese internationalization support GUACAMOLE-912 - Fix Guacamole Docker Documentation to indiciate image does not support LDAP Docker Links GUACAMOLE-919 - An I/O error occurred while sending to the backend GUACAMOLE-942 - Query may fail if all connections disconnect while listing active connections GUACAMOLE-949 - Remove unused UNIX_TIME macro GUACAMOLE-980 - used tomcat-jre8 Docker-Image seems to be deprecated GUACAMOLE-982 - Typo mistake : incorrect the error log message of RDP GUACAMOLE-987 - ldap-user-attributes is not set via an env variableGUACAMOLE-1001 - RADIUS Extension Needs Additional Attributes GUACAMOLE-1021 - Top level organizational level of connection group repeated when user is in two groups that contain different hosts GUACAMOLE-1031 - SFTP upload directory ignored GUACAMOLE-1054 - Improve Russian translation GUACAMOLE-1078 - Add Catalan Language to Guacamole GUACAMOLE-1081 - option to convert usernames to all lowercase GUACAMOLE-1082 - Add guacamole-auth-cas to docker Script GUACAMOLE-1103 - Typo mistake : the incorrect comment of a variable for the RDP setting GUACAMOLE-1107 - "allowed-languages" property incorrectly documented as "available-languages" GUACAMOLE-1110 - Size and security improvements for Docker images GUACAMOLE-1114 - Problem that the guacamole server doesn't destroy some thread mutexes GUACAMOLE-1120 - CAS module causes app.js download errors GUACAMOLE-1122 - Fail in compile of RDP protocol when SSH is unavailable GUACAMOLE-1123 - Standardize on filtered history query for user and connection management GUACAMOLE-1125 - Ctrl+Alt+End(Supr) only working once GUACAMOLE-1135 - MySQL SSL - Trust Store Paths Expecting URI GUACAMOLE-1136 - MySQL SSL Client Cert Environment Variables Return Trust Store GUACAMOLE-1146 - TOTP authentication fails when totp-period is set GUACAMOLE-1147 - Add support for additional LDAP properties in Docker GUACAMOLE-1149 - Login using LDAP fails internally if TOTP is used without automatic user creation GUACAMOLE-1150 - Connection group permissions aren't checked correctly GUACAMOLE-1151 - Add nbproject directory to .gitignore file GUACAMOLE-1152 - Enabling skip-if-unavailable breaks expired password change GUACAMOLE-1158 - RDP "disable-copy" flag does not work GUACAMOLE-1172 - Retrieve groups from OpenID GUACAMOLE-1181 - Memory allocated for outbound SVC PDUs may not be freed GUACAMOLE-1182 - Memory allocated for outbound RDP clipboard data is not properly freed Corresponding JIRA search: https://issues.apache.org/jira/browse/GUACAMOLE-1182?jql=project%20%3D%20GUACAMOLE%20AND%20fixVersion%20%3D%201.3.0 - Mike On Tue, Sep 8, 2020 at 5:50 PM Tim Worcester <[email protected]> wrote: > Currently if you use an OIDC solution as a identity provider RDP > connections don’t really work since Guacamole itself never handles the > password. The prompting in GUACAMOLE-221 takes care of that. (This may > apply to more than RDP, that was just the use case I ran into) > > Thus, I believe that the two issues can be related to the Guacamole OIDC > auth plugin use case. > > On Tue, Sep 8, 2020 at 7:59 PM Mike Jumper <[email protected]> wrote: > > > On Tue, Sep 8, 2020 at 9:50 AM Tim Worcester < > [email protected]> > > > > wrote: > > > > > > > > > I would like to vote for GUACAMOLE-1172 to be added in as well, I think > > it > > > > > ties in nicely with the OIDC friendly features being added with > > > > > GUACAMOLE-221. > > > > > > > > > > > > > It does look like the PR for GUACAMOLE-1172 is nearing readiness, but can > > > > you clarify in what way those changes (support for defining group > > > > memberships via OpenID) align with GUACAMOLE-221 (general support for > > > > prompting users for remote desktop credentials)? > > > > > > > > - Mike > > > > >
