On Wed, Oct 26, 2022 at 10:41 AM Guertin, David S. <[email protected]> wrote:
> I've got a new Guacamole installation set up and configured with SAML
> authentication, so that all users can log in with their Azure Active
> Directory credentials. The authentication is working, and all allowed users
> can log in, but there are no connections showing because none have been
> configured yet.
>
> Earlier, I had played around with basic auth and gotten connections set up
> in the user-mapping.xml file, but when I tried to read how to configure
> connections with SAML auth, all I can find is:
>
> "This module does not provide any capability for storing or retrieving
> connections, and must be layered with other authentication extensions that
> provide connection management."
>
> At this point I'm lost. I can't find documentation describing how I would
> layer SAML auth with another authentication extension. Is there a
> documented procedure for doing this?
>

Yes - you need to set up one of the supported databases. See:

https://guacamole.apache.org/doc/gug/jdbc-auth.html

From above:

"...
While most authentication extensions function independently, the database
authentication can act in a subordinate role, allowing users and user groups
from other authentication extensions to be associated with connections within
the database. Users and groups are considered identical to those within the
database if they have the same names, and the authentication result of another
extension will be trusted if it succeeds.
..."

You can have users authenticated by SAML, group memberships defined by SAML or
the database, and connection configurations and authorizations defined by the
database. After the database support is installed, the database-backed aspects
of this are managed through the web UI.

- Mike
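
A guacamole.properties sketch of the layering described in the reply above, added here as an illustration and not taken from the thread or from the Guacamole project. It assumes the SAML and MySQL JDBC extensions are both installed; the hostnames, tenant placeholder, group attribute name, database name and credentials are constructed.

```properties
# --- SAML extension: authenticates the user against the IdP ---------------
# Metadata URL in the form Azure AD publishes; TENANT-ID-PLACEHOLDER is a
# placeholder, not a real tenant.
saml-idp-metadata-url: https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/federationmetadata/2007-06/federationmetadata.xml
# Entity ID and callback URL of this Guacamole deployment (constructed host).
saml-entity-id: https://guac.example.org/guacamole
saml-callback-url: https://guac.example.org/guacamole
# Keep strict validation of SAML responses on outside of local testing.
saml-strict: true
# Optional: assertion attribute carrying group names ("groups" is a
# constructed name; use whatever attribute your IdP actually emits).
saml-group-attribute: groups

# --- MySQL JDBC extension: stores connections and permissions -------------
# Acts in the subordinate role: it trusts the SAML result and matches the
# SAML username (and group names) against rows in the database by name.
mysql-hostname: db.example.org
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: CHANGE-ME-PLACEHOLDER

# Pick one of the following policies for SAML users that have no matching
# database account yet.
#
# (a) Create the database account on first SAML login, so an administrator
#     can then grant it connections in the web UI. New users still see no
#     connections until something is granted.
mysql-auto-create-accounts: true
#
# (b) Refuse login unless a database account with the same name already
#     exists, so IdP membership alone is not enough to get a session.
# mysql-user-required: true
```

Because accounts are matched purely by name, the username asserted by the IdP has to equal the database username exactly for connection grants to apply.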
