Ok thanks. I wanted to make sure to avoid troubleshooting something that was expected behavior.
I have debug logging enabled and am able to see the group names coming from my identity provider. The line says “Group” so I set saml-group-attribute: Group in guacamole.properties (documentation says Groups is default) But when I log in, the group membership is not recognized and connections and permissions are not being applied. Is there any other way to troubleshoot why the group membership is not being recognized? Thanks From: Nick Couchman <[email protected]> Sent: Sunday, October 4, 2020 4:02 PM To: [email protected] Subject: [EXTERNAL] Re: SAML Authentication Extension Group Membership WARNING: This email originated outside the Hostos campus. Do not click links or open attachments unless you recognize the sender and know the content is safe. Never provide login credentials, financial or sensitive details in response to an email or by clicking on a link. Report suspicious emails to: [email protected]<mailto:[email protected]> On Sun, Oct 4, 2020 at 4:01 PM Mike Jumper <[email protected]<mailto:[email protected]>> wrote: On Sun, Oct 4, 2020, 12:49 Nick Couchman <[email protected]<mailto:[email protected]>> wrote: On Sun, Oct 4, 2020 at 3:45 PM MARTINEZ, ARIEL <[email protected]<mailto:[email protected]>> wrote: Does anyone know if the SAML extension is supposed to take the group membership of a user and associate it automatically to a group defined in Guacamole that has the same name? This is what happens with the LDAP authentication extension, not sure if something similar applies to the SAML one. The SAML extension does not currently implement Group membership. Doesn't it? The "saml-group-attribute" property defines the SAML attribute used to retrieve groups. Ah, yes, you're correct - I think I'm so used to answering that way for the other SSO modules that it was an automatic response... -Nick
