On Wed, Mar 31, 2021 at 7:27 AM michael böhm <[email protected]> wrote: > Hi Nick, > > thanks for your answer. I understood that using LDAP and SAML IDP on the > same Guacamole instance does not work as the redirect to the IDP is > performed the moment the user hits Guacamole's web GUI. > > When I still want to support LDAP in addition to SAML, would it be > possible to create another Guacamole container that uses the same guacd and > the same database but the authentication in this container is configured > for LDAP? Then I could configure my reverse-proxy with two subpaths like > /guacamole and /guacamole-saml. > >
Yes, that would work fine. The only thing you'd be missing is that active connections would not be synchronized between the two - so if someone opened a connection logged in as a SAML user, while that connection is running the users logged in with LDAP would not see it as an active connection. -Nick
