Hi,

The SAML response contains something like this:

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_78384d7d6a6258ef3b093cb05c41fa83" IssueInstant="" Version="2.0">
  <saml2:Issuer>https://someother.domain.org/idp/shibboleth</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        NameQualifier="https://someother.domain.org/idp/shibboleth"
        SPNameQualifier="https://some.domain.org/guac">my_user</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData Address="1.2.3.4"
          InResponseTo="ONELOGIN_f6fed553-e0af-4107-b308-2a0e889e833c"
          NotOnOrAfter=""
          Recipient="https://some.domain.org/guac/api/ext/saml/callback"></saml2:SubjectConfirmationData>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="" NotOnOrAfter="">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://some.domain.org/guac</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AuthnStatement AuthnInstant=""
      SessionIndex="_d91a7c0cde10a74df0d4ab1269ee19e8">
    <saml2:SubjectLocality Address="1.2.3.4"></saml2:SubjectLocality>
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
      <saml2:AuthenticatingAuthority>https://yetanother.domain.org/osp/a/TOP/auth/saml2/metadata</saml2:AuthenticatingAuthority>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xsd:string">my_user</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="memberOf" Name="urn:oid:1.2.840.113556.1.2.102"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xsd:string">my_group_1</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xsd:string">my_group_2</saml2:AttributeValue>
      <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:type="xsd:string">my_admin_group</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>

Is it the format Guacamole expects?
I have this in my guacamole.properties:
saml-group-attribute: urn:oid:1.2.840.113556.1.2.102

Regards,

Vieri
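
Added example, not part of the original message and not Guacamole's own code: a small script that lists which values a captured assertion carries under the name configured as saml-group-attribute. It assumes the configured value is compared exactly against the Attribute's Name (not its FriendlyName); the function names and the trimmed sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement from the message above, trimmed.
ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3">
      <saml2:AttributeValue>my_user</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="memberOf" Name="urn:oid:1.2.840.113556.1.2.102">
      <saml2:AttributeValue>my_group_1</saml2:AttributeValue>
      <saml2:AttributeValue>my_group_2</saml2:AttributeValue>
      <saml2:AttributeValue>my_admin_group</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""
PROPERTIES = "saml-group-attribute: urn:oid:1.2.840.113556.1.2.102\n"


def read_property(text, key):
    """Return the value for `key` in guacamole.properties-style text, or None."""
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and not line.lstrip().startswith("#") and name.strip() == key:
            return value.strip()
    return None


def attributes_by_name(assertion_xml):
    """Map each Attribute Name to (FriendlyName, [values]).

    Debugging aid for an already captured assertion: no signature or
    Conditions checks are performed here.
    """
    found = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml2:Attribute[@Name]", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml2:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), (attr.get("FriendlyName"), []))[1].extend(values)
    return found


def groups_for(assertion_xml, properties_text):
    """Values carried under the configured saml-group-attribute (exact Name match)."""
    wanted = read_property(properties_text, "saml-group-attribute")
    return attributes_by_name(assertion_xml).get(wanted, (None, []))[1]

if __name__ == "__main__":
    print(groups_for(ASSERTION, PROPERTIES))
```

Under that assumption, setting saml-group-attribute to the FriendlyName (memberOf) instead of the urn:oid Name would return no groups for this assertion.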
