On Mon, Jul 13, 2020, 09:17 BolleoOg <[email protected]> wrote:

> This requested feature is what's holding me off from deploying Guacamole.
> I'm using OpenID for auth and RDP with NLA.

I think allowing the groups associated with users authenticated by OpenID to be defined would be a better approach.

> New users should be able to set
> up their own connection and credentials as OpenID cannot pass them.

Allowing users to create their own connections is not recommended, as it is an admin-level permission. The ability to create connections is the ability to connect to any server on the network and to access the local resources of the Guacamole server, perhaps including the filesystem. It really should only be system administrators that are granted this permission.

Looking into mechanisms that would allow credential passthrough alongside OpenID would be better. Perhaps support for using a key vault?

- Mike
