On Sunday, March 27, 2022, 05:32:07 PM GMT+2, Vieri 
<[email protected]> wrote: 
>
> I created this:
> https://issues.apache.org/jira/browse/GUACAMOLE-1565 

Hi again,

Regarding SAML there's another important feature I haven't requested on Jira 
yet. 
I require the guacamole application to allow access to its service ONLY if the 
user logging in belongs to a specific group sent in via the "groups attribute". 
In other words if the user does not belong to MY_REQUIRED_GROUP then it should 
NOT be granted access whatsoever. 
I'm attaching a patch which does just that although I'd rather show the denied 
user a message of some sort (and not just throw an exception).
And yes, the required group name should be retrieved with confService.

I know you have a lot of other areas to cover and that making changes to an 
authentication process can be tricky as you don't want to inadvertently create 
a vulnerability, but could you please let me know at least if the feature 
request I already submitted regarding the private key and this one are of any 
interest at all to the community so that I can decide whether to keep patching 
my guacamole installation long-term or not?

Thanks,

Vieri

Attachment: guacc-saml-groups.patch
Description: Binary data
