Hi,
A specific user logs in fine but is not shown the authorized connection list.
This user is a member of group My_Group.
I can see that the DB is OK:
"SELECT entity_id FROM guacamole_entity WHERE name = 'My_Group' AND type = 'USER_GROUP';"
entity_id
-----------
151
(1 row)
"SELECT * FROM guacamole_user_group WHERE entity_id = 151;"
user_group_id | entity_id | disabled
---------------+-----------+----------
1 | 151 | f
(1 row)
"SELECT * FROM guacamole_connection WHERE connection_name = 'Intranet kiosk (RDP)';"
 connection_id |   connection_name    | parent_id | protocol | max_connections | max_connections_per_user | connection_weight | failover_only | proxy_port | proxy_hostname | proxy_encryption_method
---------------+----------------------+-----------+----------+-----------------+--------------------------+-------------------+---------------+------------+----------------+-------------------------
           139 | Intranet kiosk (RDP) |           | rdp      |                 |                          |                   | f             |            |                |
(1 row)
"SELECT * FROM guacamole_connection_parameter WHERE connection_id = 139;"
connection_id | parameter_name | parameter_value
---------------+------------------------+--------------------------------------------------------------
139 | hostname | ...
139 | load-balance-info | ...
139 | security | nla
139 | remote-app | ||IntranetFFkiosk
(17 rows) [trimmed]
"SELECT * FROM guacamole_connection_permission WHERE connection_id = 139;"
entity_id | connection_id | permission
-----------+---------------+------------
151 | 139 | READ
(1 row)
All the above should mean that the group 'My_Group' *should* see and access the
connection "Intranet kiosk (RDP)", right?
Now, if the user who logs in doesn't, it means that Guacamole does not consider
it a member of 'My_Group', right?
I am using PostgreSQL as a backend, and I'm not specifying within the DB that
this user is a member of 'My_Group'. That's because I want to delegate
user/group management to SAML.
I have this in my guacamole.properties:
saml-group-attribute: urn:oid:1.2.840.113556.1.2.102
I also have
saml-debug: true
When the user logs in I can see this in catalina:
c.onelogin.saml2.authn.SamlResponse - SAMLResponse has attributes:
{urn:oid:1.2.840.113556.1.2.102=[Some_group, My_Group, Another_Group],
urn:oid:2.5.4.3=[MyUser], IDP=[INTERNAL]}
The group is there, so what's wrong?
Vieri Jerome
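The checks above walk the tables one at a time. The query below is an added diagnostic example, not part of the original post: it resolves, for a single user, every connection the PostgreSQL backend itself grants through the user's own entity or through any enabled group the database records the user as a member of. It uses the same guacamole_entity, guacamole_user_group, guacamole_connection and guacamole_connection_permission tables shown above; the membership table guacamole_user_group_member with columns user_group_id and member_entity_id, and the entity type 'USER' for user accounts, are assumed from the standard Guacamole JDBC schema rather than taken from the post.

```sql
-- Added diagnostic query (not from the original post).
-- Assumptions: guacamole_user_group_member(user_group_id, member_entity_id)
-- is the DB-side membership table and user accounts have entity type 'USER'.
WITH user_entity AS (
    SELECT entity_id
    FROM guacamole_entity
    WHERE name = 'MyUser' AND type = 'USER'
),
reachable_entities AS (
    -- the user's own entity (direct grants) ...
    SELECT u.entity_id, 'direct'::text AS via
    FROM user_entity u
    UNION
    -- ... plus every enabled group the DB records the user as a member of
    SELECT g.entity_id, eg.name AS via
    FROM user_entity u
    JOIN guacamole_user_group_member m ON m.member_entity_id = u.entity_id
    JOIN guacamole_user_group g       ON g.user_group_id = m.user_group_id
    JOIN guacamole_entity eg          ON eg.entity_id = g.entity_id
    WHERE NOT g.disabled
)
SELECT c.connection_id, c.connection_name, p.permission, r.via
FROM reachable_entities r
JOIN guacamole_connection_permission p ON p.entity_id = r.entity_id
JOIN guacamole_connection c            ON c.connection_id = p.connection_id
ORDER BY c.connection_name, r.via;
```

Run it as the Guacamole database user with psql. A row for 'Intranet kiosk (RDP)' with via = 'My_Group' means the database holds a complete path from the user to the connection; no row at all means the only grant for connection 139 (entity 151, READ) is not reachable from any DB-side membership of 'MyUser', which is exactly the situation the post describes when membership is left to SAML.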