On Tue, May 28, 2019 at 5:39 PM parth.mishra <[email protected]> wrote:

> Upon successful authentication via OIDC, the user is returned to the
> redirect URI (e.g. "https://myserver.com/guacamole/"). I want to know if
> it's possible to redirect the user to their originally requested URL after
> successful authentication.

Possible, probably; implemented, probably not. I would think that most of
the SSO modules just redirect back to the Guacamole home page after the
successful authentication and not back to the provided URL.

> This way, if they were to click a direct link to a guacamole Connection
> they have access to, the successful authentication via the IDP can reroute
> them directly to the requested connection URL rather than the guacamole UI.
> Typically this is done with encoding the request url with the "state"
> parameter of OIDC and verifying with the nonce.

Yep, it's a really good point, and probably worth a feature request on the
Guacamole JIRA page. My feeling is that it would be doable, but we'd need
to make sure that we address any security concerns for this, as well, since
there's some level of security provided by the fact that the redirect URL
for SSO is administrator-specified and not dynamically derived.
-Nick
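
Added example, not part of the original thread and not Guacamole's code: a Python sketch of the approach discussed above, carrying the requested path in an HMAC-protected `state` value bound to the login's nonce, and only ever redirecting to a local path under the administrator-configured base. `STATE_KEY`, `BASE_PATH`, the function names and the sample connection path in the test are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import unquote, urlsplit

STATE_KEY = secrets.token_bytes(32)  # assumption: per-deployment server-side secret
BASE_PATH = "/guacamole/"            # assumption: path of the admin-configured redirect URI


def safe_return_path(target):
    """Return target only if it is a local path under BASE_PATH, else BASE_PATH."""
    # Raw checks first: "//host" forms, backslashes and control characters
    # could all send the browser to another origin.
    if not target.startswith(BASE_PATH) or "\\" in target:
        return BASE_PATH
    if any(ord(c) < 0x20 for c in target):
        return BASE_PATH
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return BASE_PATH
    if ".." in unquote(parts.path).split("/"):
        return BASE_PATH
    return target


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _tag(nonce, payload):
    mac = hmac.new(STATE_KEY, f"{nonce}.{payload}".encode(), hashlib.sha256)
    return _b64(mac.digest())


def make_state(return_to, nonce):
    """Build the state value sent to the IdP, bound to this login's nonce."""
    payload = _b64(json.dumps({"rt": safe_return_path(return_to)}).encode())
    return f"{payload}.{_tag(nonce, payload)}"


def resolve_state(state, id_token_nonce):
    """Call after the ID token is validated; returns the path to redirect to."""
    try:
        payload, tag = state.split(".")
        if not hmac.compare_digest(_tag(id_token_nonce, payload), tag):
            return BASE_PATH  # forged, tampered, or issued for a different login
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        return safe_return_path(json.loads(raw)["rt"])
    except (ValueError, KeyError, TypeError):
        return BASE_PATH
```

The target is validated both when the state is built and when it is consumed, so a bad or unverifiable value always falls back to the fixed base path.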