Thanks for getting back to me Mike. We're using the "groups" attribute and the names of the groups do match identically, including case. I've also ensured the user groups within Guacamole have the "READ" permission for the appropriate connections.
-Nick On Thu, Mar 30, 2023 at 2:08 PM Michael Jumper <mjum...@apache.org> wrote: > On Mon, Mar 27, 2023 at 1:31 PM Nick Ragsdale < > nragsd...@montgomerytech.net> wrote: > >> Hey folks, >> >> Hope this is the right place and that this email finds you well. I've >> been struggling for a fair bit with getting a POC up for Guacamole behind a >> reverse proxy in our environment, to be integrated with Okta SSO. We are >> leveraging SAML through Okta's offerings, and the authentication part is >> working just fine - but when a user successfully logs in, none of the >> connections are made available and no permissions are granted. >> >> I worked with Okta and took a SAML trace to confirm that Okta is sending >> the groups correctly, but it appears Guacamole isn't receiving them. >> > > What attribute is being used within the SAML response to provide group > memberships? > > Do the names of the groups within the SAML response identically match the > names of corresponding groups within Guacamole, including case? > > - Mike > > -- Nick Ragsdale Sr. Network Engineer Montgomery Technologies Technology Management of Premier Commercial Buildings Office 844.824.0100 x245 www.montgomerytech.net | www.riser.com