[
https://issues.apache.org/jira/browse/GUACAMOLE-103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17144449#comment-17144449
]
Mike Jumper commented on GUACAMOLE-103:
---------------------------------------
OK, I've tested against G Suite and things appear to _almost_ work. I
encountered the following issues:
* Setting things up initially is a bit confusing, as G Suite requires something
called an ACS URL, whereas CAS does not require this. Apparently, this is just
the callback URL that Guacamole attempts to send to the service. If hosted at
{{https://example.net/guacamole}}, then the ACS URL would be
{{https://example.net/guacamole/app/ext/saml/callback}}.
* The IDP URL from G Suite is formatted like
{{https://accounts.google.com/o/saml2/idp?idpid=magicvaluefromgoogle}}, and
thus already contains a query string. This results in an incorrect URL being
produced in the initial redirect:
{{https://accounts.google.com/o/saml2/idp?idpid=magicvaluefromgoogle?SAMLRequest=giantrequesthere}}

If the URL construction is corrected, things work great. It may also be worth
documenting the "ACS URL" for providers that require it.
> SAML 2.0 support for user authentication
> ----------------------------------------
>
> Key: GUACAMOLE-103
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-103
> Project: Guacamole
> Issue Type: New Feature
> Reporter: Justin P
> Assignee: Nick Couchman
> Priority: Minor
> Fix For: 1.2.0
>
>
> It'd be great if Guacamole supported SAML 2.0 so it could integrate with an
> organization's single sign-on (SSO) solution (especially popular platforms
> like OneLogin, Okta, Bitium, etc.)
> This would make authenticating to Guacamole easier for an organization's
> users, and it would make an organization's IT/IS admins happier, being able to
> apply authentication security controls to Guacamole, such as password
> complexity rules, two-factor authentication rules, etc.
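An added example, not part of the original message or of the Guacamole code base: one way to append `SAMLRequest` to an IdP URL that may already carry a query string, shown beside the unconditional `?` append that produces the malformed redirect described in the comment. The function names and the sample AuthnRequest are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample values; the IdP URL shape and ACS URL are those quoted in the comment.
IDP_URL = "https://accounts.google.com/o/saml2/idp?idpid=magicvaluefromgoogle"
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://example.net/guacamole/app/ext/saml/callback"/>'
)


def encode_saml_request(xml):
    """Raw-DEFLATE then base64 the request, as the SAML HTTP-Redirect binding requires."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: no zlib header/trailer
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")


def naive_redirect_url(idp_url, saml_request):
    """The failure mode from the comment: '?' is appended unconditionally."""
    return idp_url + "?SAMLRequest=" + saml_request


def build_redirect_url(idp_url, saml_request):
    """Merge SAMLRequest into whatever query string the IdP URL already has."""
    parts = urlsplit(idp_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params.append(("SAMLRequest", saml_request))  # urlencode percent-encodes +, / and =
    return urlunsplit(parts._replace(query=urlencode(params)))


def decode_saml_request(redirect_url):
    """Recover the XML from a redirect URL, the way the receiving IdP would."""
    query = dict(parse_qsl(urlsplit(redirect_url).query))
    return zlib.decompress(base64.b64decode(query["SAMLRequest"]), -15).decode("utf-8")


if __name__ == "__main__":
    request = encode_saml_request(SAMPLE_AUTHN_REQUEST)
    print(naive_redirect_url(IDP_URL, request))   # second '?' ends up inside the idpid value
    print(build_redirect_url(IDP_URL, request))   # idpid and SAMLRequest are separate parameters
```

With the naive form, the IdP parses a single `idpid` parameter whose value swallows the rest of the URL, so it never sees a `SAMLRequest` parameter at all.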