On Tue, Jun 6, 2023 at 2:39 AM Shantanu Panda <shantanu.pa...@snowflake.com.invalid> wrote:
> Hi Team,
>
> I am trying to integrate OKTA with Guacamole for SAML based sso : SAML
> <https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication>
>
> I have a docker based setup for guacamole and using the below setup :
>
> docker run --name sso-guacamole \
> --link some-guacd:guacd \
> --link some-postgres:postgres \
> -e GUACD_HOSTNAME=guacd \
> -e POSTGRES_HOSTNAME=postgres \
> -e POSTGRES_PORT=5432 \
> -e POSTGRES_USER=guacamole \
> -e POSTGRES_PASSWORD=mysecretpassword \
> -e POSTGRES_DATABASE=guacamole_db \
> -e POSTGRESQL_AUTO_CREATE_ACCOUNTS=true \
> -e SAML_IDP_METADATA_URL=https://<okta_url>/app/<id>/sso/saml/metadata \
> -e SAML_ENTITY_ID=https://<entity_id> \
> -e SAML_CALLBACK_URL=https://<entity_id>/guacamole/ -e SAML_DEBUG=true -e REMOTE_IP_VALVE_ENABLED=true -p 8080:8080 \
> -e SAML_STRICT=false -e EXTENSION_PRIORITY="saml" -e SAML_GROUP_ATTRIBUTE="groups" \
> -d guacamole/guacamole
>
> The OKTA SAML Application is configured with basic configuration.
> The Authentication works but the permissions of OKTA groups are not being
> mapped to guacamole and thus the user logged in has no access to the
> administration settings.

Can you confirm how the groups are being delivered from SAML, and that they match _exactly_ (including case sensitivity) the ones you've created in JDBC?

-Nick
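Added example, not part of the original thread and not Guacamole code: one way to run the check asked for in the reply, by pulling the "groups" attribute values out of a decoded, unencrypted SAML assertion and comparing them against the group names created in the JDBC database. The sample assertion, the group names and the function names are constructed for illustration; substitute the assertion your IdP actually sends (for example from the SAML_DEBUG output) and your own group list.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Guac-Admins</saml:AttributeValue>
      <saml:AttributeValue>guac-users</saml:AttributeValue>
      <saml:AttributeValue>Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed list standing in for the group names created in the JDBC database.
JDBC_GROUPS = ["guac-admins", "guac-users"]


def saml_groups(assertion_xml, attribute_name="groups"):
    """Return the values of the named attribute in a decoded SAML assertion."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Assumption: attribute_name is the value set in SAML_GROUP_ATTRIBUTE.
        if attr.get("Name") == attribute_name:
            values += [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def compare_groups(saml_values, jdbc_names):
    """Classify each SAML group as exact, near-miss (case/whitespace) or absent."""
    by_folded = {n.strip().casefold(): n for n in jdbc_names}
    report = {"exact": [], "near_miss": [], "absent": []}
    for value in saml_values:
        if value in jdbc_names:
            report["exact"].append(value)
        elif value.strip().casefold() in by_folded:
            report["near_miss"].append((value, by_folded[value.strip().casefold()]))
        else:
            report["absent"].append(value)
    return report


if __name__ == "__main__":
    print(compare_groups(saml_groups(SAMPLE_ASSERTION), JDBC_GROUPS))
```

Entries under "near_miss" are the ones to look at first: the IdP sends a group that differs from a JDBC group only in case or surrounding whitespace, so it does not match exactly.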