Hello ! I have one issue with CAS authentication and one question about authorization. I installed a guacamole with CAS authentication. We tried SAML but without success because our IDP need some metadata from Guacamole itself. I decided to use CAS instead.
The authentication works great but using the 1.1 version of the plugin. I have a blank page when I use the 1.2 version. I guess there is an issue with the latest ? I extracted the .jar file and found that some files seems to be missing comparing to v1.1. Am I wrong ? With v1.2, the only error I have is with httpd (working as a proxy): /[Thu Aug 27 09:18:18.821932 2020] [proxy_http:error] [pid 3681:tid 140035865179904] (70008)Partial results are valid but processing is incomplete: [client <CLIENT_IP>:37194] AH01110: error reading response, referer: https://<SERVER_URL>/ / I increased the log level, see attached: httpd_error_debug.txt <http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t888/httpd_error_debug.txt> I have no log from tomcat (even with a trace loglevel) It works fine with v1.1 of the plugin. So... The thing is: I want to add some authorization behind that authentication. I tried to export some attributes, but the fields in Guacamole settings are still blank after the login. (I thought the mysql-auto-create-accounts: true" option would be enough) Is there a way to give authorization by default to some users after they login using CAS ? My goal is to : User Y log in using CAS --> auto create account in mysql with imported attribute from CAS --> authorize connection to X workstation for Y user. I will use this Guacamole installation for hundreds of people... I would like to avoid creating/editing each user and connection "manually". LDAP connection with modified schema is not possible due to political reason :( Is this possible using CAS ? Or only using LDAP authentication ? Am I missing something ? -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
