On Tue, Mar 31, 2020 at 3:42 PM Sebastian Männling < [email protected]> wrote:
> any comment if openid connect authentication with connection > settings/options from ldap should or should not work at all? > > This is unlikely to work, because the LDAP extension relies on successful authentication by the user who logs in to the LDAP tree in order to retrieve the LDAP objects. If you're using OpenID, or any other SSO platform, you're unlikely to have that user's password in order to try the authentication, and the LDAP extension will just silently fail. CAS can potentially work around this by using the ClearPass feature to provide the user's password back to Guacamole, but that feature is only implemented in the CAS Authentication Extension, and I'm unsure if either OpenID or any other SSO platform supports that. If you're going to use OpenID you'd likely be better off storing configurations for connections in the JDBC module. -Nick
