On 09/04/2021 at 23:23, Mike Jumper wrote:
> On Fri, Apr 9, 2021 at 11:58 AM Philippe MARASSE
> <[email protected]> wrote:
>
>     ...
>     The one issue we have is with CAS authentication: at this time,
>     we cannot log out of guacamole only. I've seen some JIRA issues
>     about Single Log Out, but I was wondering if I can insert a logout
>     view instead of doing standard logout that brings user to the
>     login page => CAS Login => autologin, so logout is pretty
>     impossible at this time.
>
>
> Yes - I think adding some sort of "You have been logged out. [Link to
> sign back in]" behavior to the logout handling would solve this. I
> have been off-and-on looking into doing exactly that, but have not
> made any changes worth PR-ing yet.
>
> If you have already made such changes, definitely feel free to open a
> PR. It would address the logout behavior of all SSO implementations.
I'd like to do so :-). But I don't know which package I should look at.
So if you can point me in the right direction...

For now, I've only added an option in guac.properties to choose the
ticket validation method of CAS authentication. Because the default
authentication that is actually implemented in guacamole is CASv2
Protocol + Proxy, this protocol version does not allow attribute
release (in the original docs, but I've seen some implementations that do
some tweaks). So I've added other methods:
  - Plain CASv2 Protocol
  - CASv2 + Proxy (original implementation)
  - Plain CASv3 Protocol (supports attributes by design)
  - CASv3 + Proxy
  - SAMLv1.1 (The only standard way to get attributes before CASv3).

I can open a PR if someone is interested (and rewrite all comments in
English ;-) ).

Regards.

-- 
Philippe MARASSE

Head of Infrastructure Division - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19
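
The validation methods listed in the message above, as an added example that is not part of the original message or of Guacamole's code: each method maps to a validation endpoint defined by the CAS protocol, and only the CASv3 responses carry a `cas:attributes` block. The method keys, host names and sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Validation endpoint per method; the dictionary keys are hypothetical labels.
ENDPOINTS = {
    "cas2": "/serviceValidate",
    "cas2-proxy": "/proxyValidate",
    "cas3": "/p3/serviceValidate",
    "cas3-proxy": "/p3/proxyValidate",
    "saml11": "/samlValidate",
}
# Constructed sample responses (not captured from a real CAS server).
XMLNS = 'xmlns:cas="http://www.yale.edu/tp/cas"'
V2_OK = f'<cas:serviceResponse {XMLNS}><cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess></cas:serviceResponse>'
V3_OK = (f'<cas:serviceResponse {XMLNS}><cas:authenticationSuccess><cas:user>jdoe</cas:user>'
         '<cas:attributes><cas:mail>jdoe@example.org</cas:mail><cas:memberOf>admins</cas:memberOf>'
         '<cas:memberOf>staff</cas:memberOf></cas:attributes></cas:authenticationSuccess></cas:serviceResponse>')
FAIL = f'<cas:serviceResponse {XMLNS}><cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure></cas:serviceResponse>'

def validation_url(cas_base, method, service, ticket):
    """Build the ticket validation URL for the chosen method."""
    if method not in ENDPOINTS:
        raise ValueError(f"unknown validation method: {method}")
    # SAML 1.1 takes TARGET in the query; the ticket travels in the SOAP POST body.
    saml = method == "saml11"
    params = {"TARGET": service} if saml else {"service": service, "ticket": ticket}
    return f"{cas_base}{ENDPOINTS[method]}?{urlencode(params)}"

def parse_validation(xml_text):
    """Return (user, attributes) from a CAS v2/v3 XML response; raise on failure."""
    # The response comes from the CAS server over TLS; use a hardened XML parser in production.
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:  # fail closed: anything but an explicit success is a rejection
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code") if failure is not None else "MALFORMED"
        raise PermissionError(f"ticket rejected: {code}")
    user = success.findtext("cas:user", namespaces=CAS_NS)
    if not user:
        raise PermissionError("ticket rejected: no user in response")
    attrs = {}
    block = success.find("cas:attributes", CAS_NS)
    for el in (block if block is not None else []):
        name = el.tag.split("}", 1)[-1]  # strip the XML namespace prefix
        attrs.setdefault(name, []).append(el.text or "")  # attributes may repeat
    return user.strip(), attrs
```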
