We do this all day long, easy solution is to implement the SQL database
connection, write directly to the database the user accounts and
passwords, use the REST API for connections; inject connection
information to database assigned to user and upon destroying the
connections delete username passwords and connection token.
Basically we wrote our own Provisioning server using an xAPI format to
control Guacamole for on the fly provisioning.
Hope this helps.
Sean
On 7/18/2023 1:44 PM, Najib . wrote:
Hi Nick,
Sadly this wont work for our use case. We pre create the user and link
it to a just-in-time created server connection. Afterwards the
connection is destroyed. If we would use groups instead then we need
to create a group for every single user just to circumvent this issue.
Since we use the email claim we discovered that the IdPs, which we
don’t have control over, can have various permutations of capitals in
the email address. So it gets hard to predict the correct username to
pre create, hence the need for capital insensitive usernames. Users
can be hard to predict when given control over entering their username.
On 2023/07/18 19:09:56 Nick Couchman wrote:
> On Tue, Jul 18, 2023 at 12:49 PM Najib . <[email protected]> wrote:
> >
> > We are having some grief with Guac being case sensitive for
usernames. I saw that this has been mentioned multiple times in the past:
> >
> >
> >
> > https://issues.apache.org/jira/browse/GUACAMOLE-1239
> >
> >
> >
> > We are facing the same problem using the OpenID extension.
> >
> >
> >
> > Anyone willing to implement an option to normalize all usernames
to end the grief? The poor ticket guy offered some sponsorship I am
willing to add to it.
>
> This can certainly be done, and the code is reasonably easy to
> change...however, if you have your SSO system (OpenID in your case)
> pass through the group names, and assign permissions that way, then
> you don't have to worry about it.
>
> -Nick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
