On Thu, Jul 29, 2021 at 5:36 PM Li, Ming <[email protected]> wrote:
> Hi, > > > > I am a new person using Guacamole. I learned that the Guacamole supports > multiple authentications. I want to use Guacamole to develop and implement > the scenario that a user can add, delete and configure their VNC connection > after third-party login authentication. I'm trying to do this with OpenID > connect authentication and Database authentication, which I expect OpenID > connect authentication and Database authentication to work together. > > The process for login authentication is like this: > > Step 1: Guacamole has connected to Mariadb > > Step 2: Mariadb has been added user A as the user of Guacamole > > Step 3: user A logins Guacamole by OpenID connect > authentication successfully > > Step 4: user A can add, delete and configure their VNC > connection which this configuration data is saved to Mariadb > > My question is, does Guacamole support it? > Yes. You are actually required to do this, as the OpenID Connect support is strictly authentication-only. It provides no storage for connection data. >From http://guacamole.apache.org/doc/gug/openid-auth.html: "... This module must be layered on top of other authentication extensions that provide connection information, such as the database authentication extension, as it only provides user authentication." Beware that the ability to configure a connection is an administrative privilege. You should generally not grant that access to anyone who isn't an administrator of the system. Normal, non-administrative users should instead be granted access only to the connections created on their behalf by an administrator. Michael Jumper CEO, Lead Developer Glyptodon Inc <https://glyp.to/>.
