mike-jumper commented on code in PR #931:
URL: https://github.com/apache/guacamole-client/pull/931#discussion_r1394536847
##########
guacamole/src/main/java/org/apache/guacamole/tunnel/StandardTokenMap.java:
##########
@@ -102,6 +115,13 @@ public StandardTokenMap(AuthenticatedUser
authenticatedUser) {
else
put(USERNAME_TOKEN, authenticatedUser.getIdentifier());
+ if (get(USERNAME_TOKEN).contains("\\")) {
+ put(USERNAME_DOMAIN_TOKEN, get(USERNAME_TOKEN).split("\\\\")[0]);
+ put(USERNAME_ID_TOKEN, get(USERNAME_TOKEN).split("\\\\")[1]);
+ } else {
+ put(USERNAME_DOMAIN_TOKEN, "");
+ put(USERNAME_ID_TOKEN, get(USERNAME_TOKEN));
+ }
Review Comment:
If there is to be a new standard token, I think there's some value in having
one token (`GUAC_IDENTIFIER`? `GUAC_USER_IDENTIFIER`?) that represents
validated identity while the other (`GUAC_USERNAME`) represents the username
provided during the auth process, if any.
I'd also have no issue if this were 100% purely LDAP-specific tokens.
> ... or just pull the LDAP attribute with the username?
I think that much is already possible with the functionality provided by the
`ldap-user-attributes` property.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
