Hi all, Interesting to think having multiple accounts with different passwords is more secure than SSO.
I would try to go for an SSO solution like OpenID connect and extend with multi factor authentication. Thanks Peter Get Outlook for Android<https://aka.ms/ghei36> ________________________________ From: Dave Kempe <[email protected]> Sent: Friday, May 8, 2020 1:32:05 PM To: [email protected] <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: Want some Salsa with your guacamole? On Fri, May 8, 2020, 9:25 PM Sven Specker <[email protected]<mailto:[email protected]>> wrote: On Your setup with salsa: haproxy(auth)->guacamole-appserver(maybe cas/shib,mfa)->guacd So..3 factor authentication? /If/ you can pull that off with your users and force them to use different passwords and disable sso, yes. That would increase security. That's the idea. We have used an older version of salsa in production for years and it has worked well. The support model suited the particular environment, for example where you have vendors who need to support legacy devices, and have internal staff hold their second factor. Thanks Dave
