[ 
https://issues.apache.org/jira/browse/GUACAMOLE-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16870763#comment-16870763
 ] 

Nick Couchman commented on GUACAMOLE-103:
-----------------------------------------

{quote}
Just a FYI but please be aware that unlike OpenID, SAML does have support for 
the concept of "groups".
{quote}

Nor does CAS, in my experience, but you CAS does support the mapping of 
arbitrary attributes from the authentication source through to the client, so 
it is possible to do this without explicit support for groups within the 
module.  I would imagine SAML falls into a similar place.

{quote}
so please make sure you have "hooks" in any SAML auth module to support 
authorisation - like the LDAP module does
{quote}

I'm not entirely sure what you're getting at, here.  The LDAP module can work 
either on its own, accessing connection information stored within the LDAP tree 
(based on LDAP access to those objects), or it can work by mapping user and 
group information into other modules.  It's unclear to me from your statement 
what you're asking to be done in the SAML module.

> SAML 2.0 support for user authentication
> ----------------------------------------
>
>                 Key: GUACAMOLE-103
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-103
>             Project: Guacamole
>          Issue Type: New Feature
>            Reporter: Justin P
>            Assignee: Nick Couchman
>            Priority: Minor
>
> It'd be great if Guacamole supported SAML 2.0 so it could integrate with an 
> organization's single sign-on (SSO) solution (especially popular platforms 
> like OneLogin, Okta, Bitium, etc.)
> This would make authenticating to Guacamole easier for an organization's 
> users, and it would make organization's IT/IS admins happier being able to 
> apply authentication security controls to guacamole, such as password 
> complexity rules, two-factor authentication rules, etc.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to