On Thu, Nov 24, 2022, 10:27 AM Timothy Dilbert <[email protected]> wrote:
> Hi Michael,
>
> I've checked everything I can within the IdP.
>

Which IdP are you using?

> - I'm already sending the email address as the Name ID.
>

Perhaps so, but your IdP appears to not be honoring that setting, and is instead sending a UUID-like value. If it were sending the email address as the name ID, then that's what you'd see in Guacamole.

> - I've even tried selecting "Send all known attributes" but I am
> getting the following error in Tomcat:
> ```
> Unexpected internal error: Duplicate key SAML_GIVEN_NAME
> ```
>

It seems your IdP is now sending an invalid SAML assertion...

> It's just not clear what I should do next to troubleshoot further.
>

Try using a SAML tracing extension for your browser so you can see the assertion. That might reveal what your IdP is doing wrong. The fact that it's sending duplicate keys and failing to honor your name ID settings is troubling. Once you have obtained the SAML assertion and can see where it differs vs. the way you have configured your IdP, you may need to reach out to your IdP's support to correct things.

> I feel like I'm missing documentation that tells me what attributes to send
> and their names.
>
> Also, could setting `sqlserver-auto-create-accounts` to TRUE be the reason
> the UUID accounts are being created?
>

No. The only reason there would be UUIDs anywhere for usernames is if that is what the IdP is sending. Guacamole does not generate usernames on its own; it simply uses the value received verbatim.

- Mike
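
Added example (not part of the original message, and not Guacamole's code): a Python check for a `SAMLResponse` value copied from a SAML tracer, reporting the NameID the IdP actually sent and any attribute names that collapse to the same token key. It assumes the HTTP-POST binding (base64, no compression); the `token_name` naming scheme is an assumed approximation inferred from the `SAML_GIVEN_NAME` key in the error, and the sample response is constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def token_name(attr_name):
    """Assumed scheme: split camelCase, non-alphanumerics -> '_', upper-case, 'SAML_' prefix."""
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", attr_name)
    return "SAML_" + re.sub(r"[^A-Za-z0-9]+", "_", spaced).strip("_").upper()

def inspect_response(b64_response):
    """Return (name_id, name_id_format, colliding) for a base64 SAMLResponse."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:  # a SAML message has no reason to carry a DTD
        raise ValueError("DOCTYPE not allowed in a SAML response")
    root = ET.fromstring(xml)
    seen = defaultdict(list)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        seen[token_name(name)].append(name)
    colliding = {k: v for k, v in seen.items() if len(v) > 1}
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return None, None, colliding
    return (name_id.text or "").strip(), name_id.get("Format"), colliding

# Constructed sample: persistent (UUID-like) NameID plus two attributes
# whose names map to the same token key.
SAMPLE = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">3f2b9c1e-7a44-4d0e-9b61-0c5d2e8a1f77</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="givenName"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="given_name"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>""")

if __name__ == "__main__":
    name_id, fmt, colliding = inspect_response(SAMPLE)
    print("NameID:", name_id, "| Format:", fmt, "| email-like:", "@" in (name_id or ""))
    print("Colliding attribute names:", colliding)
```

A NameID without an `@` and with a `persistent` or `transient` format confirms the IdP is not sending the email address, regardless of what its configuration screen shows.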
