Mike Jumper created GUACAMOLE-1364:
--------------------------------------
Summary: Allow login with standard username/password when SSO is
enabled
Key: GUACAMOLE-1364
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1364
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-saml, guacamole-auth-cas,
guacamole-auth-openid
Reporter: Mike Jumper
When SSO is in use, Guacamole automatically redirects all users to the IdP for
sign-in. This works well if all necessary user accounts are available through
that IdP, but effectively prevents logging in using any account unknown to the
IdP and prevents using multiple SSO implementations.
For example:
* If SAML is enabled, but the common "guacadmin" administrative account has no
counterpart in the SAML IdP, it will not be possible to sign in as "guacadmin"
until a SAML user that maps to the "guacadmin" identity exists.
* If multiple SSO solutions are enabled, only the solution that sorts first by
filename will be usable, with others not getting their chance to redirect to
their IdPs.
This can be solved by:
# Defining explicit behavior for the SSO implementations when they are not
sorted first (automatically adding a "Sign in with _____" button to the login
prompt produced extension that sort before the SSO implementation).
# Providing an easier mechanism for adjusting extension order (rather than
requiring renaming of files).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
