[
https://issues.apache.org/jira/browse/GUACAMOLE-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16870763#comment-16870763
]
Nick Couchman commented on GUACAMOLE-103:
-----------------------------------------
{quote}
Just a FYI but please be aware that unlike OpenID, SAML does have support for
the concept of "groups".
{quote}
Nor does CAS, in my experience, but you CAS does support the mapping of
arbitrary attributes from the authentication source through to the client, so
it is possible to do this without explicit support for groups within the
module. I would imagine SAML falls into a similar place.
{quote}
so please make sure you have "hooks" in any SAML auth module to support
authorisation - like the LDAP module does
{quote}
I'm not entirely sure what you're getting at, here. The LDAP module can work
either on its own, accessing connection information stored within the LDAP tree
(based on LDAP access to those objects), or it can work by mapping user and
group information into other modules. It's unclear to me from your statement
what you're asking to be done in the SAML module.
> SAML 2.0 support for user authentication
> ----------------------------------------
>
> Key: GUACAMOLE-103
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-103
> Project: Guacamole
> Issue Type: New Feature
> Reporter: Justin P
> Assignee: Nick Couchman
> Priority: Minor
>
> It'd be great if Guacamole supported SAML 2.0 so it could integrate with an
> organization's single sign-on (SSO) solution (especially popular platforms
> like OneLogin, Okta, Bitium, etc.)
> This would make authenticating to Guacamole easier for an organization's
> users, and it would make organization's IT/IS admins happier being able to
> apply authentication security controls to guacamole, such as password
> complexity rules, two-factor authentication rules, etc.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
