On Mon, Feb 14, 2022 at 2:52 PM Bryan Ohana <[email protected]>
wrote:

> Hi Everyone
>
> I have managed to make SAML with Azure AD work with version 1.3.0 (not
> version 1.4.0 for which I have a loop connection with the same
> configuration so if you have a clue for that, that would be great!).
>

You can definitely post your configuration (minus sensitive information)
and the errors you're getting and we can try to figure it out. I use 1.4.0
against AD, but not AzureAD.


> I would like to make sure that when users try to RDP to a VM they directly
> authenticate with the same credentials that they use with SAML so I used in
> the RDP
>
> Username : AzureAD\${GUAC_USERNAME}
>
> Password : ${GUAC_PASSWORD}
>
>
>

You can't use this configuration with SAML, because Guacamole doesn't know
the password - most SSO IdPs do not provide the password back to the SAML
Service Provider. (The only exception I know for this is the CAS IdP, which
has the ClearPass configuration that can provide that back.) If the token
doesn't have a value, it is interpreted as a literal value, so that's why
you're receiving a password failure.

-Nick
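
The behaviour described in the reply above, as an added example that is not part of the original message and is not Guacamole's own code: a simplified Python model of `${TOKEN}` substitution that shows which RDP parameters reach the target as literal text after a SAML login. The token regex, the function names and the two sample sessions are assumptions constructed for illustration.

```python
import re

# Simplified model of ${TOKEN} substitution (assumption: not Guacamole's implementation).
TOKEN_RE = re.compile(r"\$\{([A-Za-z0-9_]+)\}")


def substitute(value, tokens):
    """Replace each ${NAME} that has a value; leave the rest as literal text."""
    return TOKEN_RE.sub(lambda m: tokens.get(m.group(1), m.group(0)), value)


def effective(params, tokens):
    """Parameters as they would be handed to the RDP connection."""
    return {name: substitute(value, tokens) for name, value in params.items()}


def unresolved(params, tokens):
    """Map parameter name -> token names that would be sent literally."""
    report = {}
    for name, value in params.items():
        missing = [t for t in TOKEN_RE.findall(value) if t not in tokens]
        if missing:
            report[name] = missing
    return report


# RDP parameters as quoted in the thread.
RDP_PARAMS = {
    "username": r"AzureAD\${GUAC_USERNAME}",
    "password": "${GUAC_PASSWORD}",
}

# Constructed sessions: a password-based login supplies both tokens,
# a SAML login supplies only the username because the IdP keeps the password.
PASSWORD_LOGIN = {"GUAC_USERNAME": "alice", "GUAC_PASSWORD": "constructed-secret"}
SAML_LOGIN = {"GUAC_USERNAME": "alice"}

if __name__ == "__main__":
    for label, tokens in (("password login", PASSWORD_LOGIN), ("SAML login", SAML_LOGIN)):
        print(label, "unresolved:", unresolved(RDP_PARAMS, tokens))
```

Running `unresolved()` over every connection definition before enabling an SSO extension gives a list of connections that will fail authentication for this reason.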
