Yes, I have created a group in Guacamole as 'Admin' and have the same group as 'Admin' on OKTA.
On Wed, Jun 7, 2023 at 6:57 AM Nick Couchman <[email protected]> wrote:
>
> On Tue, Jun 6, 2023 at 2:39 AM Shantanu Panda <[email protected]> wrote:
>
>> Hi Team,
>>
>> I am trying to integrate OKTA with Guacamole for SAML-based SSO: SAML
>> <https://guacamole.apache.org/doc/gug/guacamole-docker.html#saml-authentication>
>>
>> I have a Docker-based setup for Guacamole and am using the setup below:
>>
>> docker run --name sso-guacamole \
>>   --link some-guacd:guacd \
>>   --link some-postgres:postgres \
>>   -e GUACD_HOSTNAME=guacd \
>>   -e POSTGRES_HOSTNAME=postgres \
>>   -e POSTGRES_PORT=5432 \
>>   -e POSTGRES_USER=guacamole \
>>   -e POSTGRES_PASSWORD=mysecretpassword \
>>   -e POSTGRES_DATABASE=guacamole_db \
>>   -e POSTGRESQL_AUTO_CREATE_ACCOUNTS=true \
>>   -e SAML_IDP_METADATA_URL=https://<okta_url>/app/<id>/sso/saml/metadata \
>>   -e SAML_ENTITY_ID=https://<entity_id> \
>>   -e SAML_CALLBACK_URL=https://<entity_id>/guacamole/ \
>>   -e SAML_DEBUG=true \
>>   -e REMOTE_IP_VALVE_ENABLED=true \
>>   -p 8080:8080 \
>>   -e SAML_STRICT=false \
>>   -e EXTENSION_PRIORITY="saml" \
>>   -e SAML_GROUP_ATTRIBUTE="groups" \
>>   -d guacamole/guacamole
>>
>> The OKTA SAML application is configured with the basic configuration.
>> The authentication works, but the permissions of OKTA groups are not being
>> mapped to Guacamole, and thus the logged-in user has no access to the
>> administration settings.
>>
>
> Can you confirm how the groups are being delivered from SAML, and that they
> match _exactly_ (including case sensitivity) the ones you've created in
> JDBC?
>
> -Nick
>
>> --
>> SHANTANU PANDA
>> Sr. Security DevOps Engineer
>> MOBILE +91 7387087672
>> EMAIL [email protected]
>> Snowflake Inc. Pune, India
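The check Nick asks for, written out as an added example (this is not code from the thread or from the Guacamole project): decode the base64 SAMLResponse that the IdP posts back to the callback URL, pull out the values of the attribute named in SAML_GROUP_ATTRIBUTE ("groups" in the docker run above), and compare them byte-for-byte with the group names defined on the Guacamole/JDBC side, separating case-only differences from groups that are simply absent. The SAML assertion below is a constructed sample, not an Okta capture, and the Guacamole group list is typed in by hand; both are assumptions for the demonstration. Okta only emits a group attribute at all if the SAML app has a Group Attribute Statement configured, so an empty result from the extractor points at the IdP side rather than at Guacamole.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from Okta). The IdP's "groups"
# attribute carries "admin" in lower case, while the Guacamole JDBC group in
# this scenario was created as "Admin" (assumed for the example).
SAMPLE_ASSERTION = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion>
    <saml2:Subject>
      <saml2:NameID>user@example.com</saml2:NameID>
    </saml2:Subject>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="groups">
        <saml2:AttributeValue>admin</saml2:AttributeValue>
        <saml2:AttributeValue>Engineering</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>
"""


def decode_saml_response(b64_response: str) -> str:
    """The SAMLResponse POST parameter is the response XML, base64-encoded."""
    return base64.b64decode(b64_response).decode("utf-8")


def encode_for_post(xml_text: str) -> str:
    """Inverse of decode_saml_response; used here only to exercise the round trip."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def extract_attribute_values(xml_text: str, attribute_name: str = "groups") -> list:
    """Values of the named SAML attribute, in assertion order, verbatim (no case folding)."""
    root = ET.fromstring(xml_text)
    values = []
    for attribute in root.iterfind(".//saml2:Attribute", SAML_NS):
        if attribute.get("Name") != attribute_name:
            continue
        for value in attribute.iterfind("saml2:AttributeValue", SAML_NS):
            values.append((value.text or "").strip())
    return values


def compare_groups(idp_groups, guac_groups):
    """Classify each IdP group name against the group names defined in Guacamole.

    Guacamole matches group names exactly, so a name that differs only by case
    is reported separately from one that does not exist on the Guacamole side.
    """
    guac = set(guac_groups)
    guac_by_fold = {g.casefold(): g for g in guac_groups}
    exact, case_mismatch, unmatched = [], [], []
    for g in idp_groups:
        if g in guac:
            exact.append(g)
        elif g.casefold() in guac_by_fold:
            case_mismatch.append((g, guac_by_fold[g.casefold()]))
        else:
            unmatched.append(g)
    return {"exact": exact, "case_mismatch": case_mismatch, "unmatched": unmatched}


def check_sample():
    """Run the comparison on the constructed assertion against a hand-typed group list."""
    idp_groups = extract_attribute_values(SAMPLE_ASSERTION, "groups")
    guacamole_groups = ["Admin"]  # assumed: the group created in the Guacamole admin UI
    return compare_groups(idp_groups, guacamole_groups)


if __name__ == "__main__":
    result = check_sample()
    for idp_name, guac_name in result["case_mismatch"]:
        print(f"case mismatch: IdP sends {idp_name!r}, Guacamole group is {guac_name!r}")
    for name in result["unmatched"]:
        print(f"no Guacamole group named {name!r}")
    for name in result["exact"]:
        print(f"ok: {name!r}")
```

To use it against a real login, copy the SAMLResponse form field from the browser's network tab for the POST to the callback URL and pass it to decode_saml_response, then feed the XML to extract_attribute_values with the same name you set in SAML_GROUP_ATTRIBUTE; a result in case_mismatch is the situation Nick's question is probing for.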
