Hello,

Apologies if this is a re-send. I'm trying to unify Guacamole with LDAP and Keycloak. My main goal is to get WebAuthn support with Guacamole. To do so, I've set up Keycloak. Keycloak and Guacamole (via OIDC) work fine. The issue there is I need to maintain 2 databases of accounts - Keycloak accounts and Guacamole accounts, and map between the two.

I thought LDAP would solve that issue - a centralized database of both users and connections. I have LLDAP and Guacamole working just fine. I can create both users and connections in LLDAP, and log into Guacamole correctly.

I cannot seem to unify all three fully, however. I have LLDAP as a User Federation in Keycloak. I can successfully open Guacamole, get redirected to Keycloak as an OIDC provider, authenticate through Keycloak with an LLDAP account, and return to Guacamole. My main issue is, my connections are not available. If I take my same database, turn off Keycloak, and revert it to just LLDAP<->Guacamole, I see my connections, proving they're configured just fine. But connections are lost when Keycloak/OIDC is reintegrated.

I don't know enough about LDAP mappings to exactly pinpoint the problem, or if it's an issue with the workflow between Guacamole, OIDC extension, LDAP extension, or whichever.

Has anyone gotten this sort of thing working? Is there an easier integration for WebAuthn and Guacamole?