On Mon, Mar 27, 2023 at 1:31 PM Nick Ragsdale <[email protected]> wrote:
> Hey folks, > > Hope this is the right place and that this email finds you well. I've been > struggling for a fair bit with getting a POC up for Guacamole behind a > reverse proxy in our environment, to be integrated with Okta SSO. We are > leveraging SAML through Okta's offerings, and the authentication part is > working just fine - but when a user successfully logs in, none of the > connections are made available and no permissions are granted. > > I worked with Okta and took a SAML trace to confirm that Okta is sending > the groups correctly, but it appears Guacamole isn't receiving them. > What attribute is being used within the SAML response to provide group memberships? Do the names of the groups within the SAML response identically match the names of corresponding groups within Guacamole, including case? - Mike
