The docs don't allow for better linking, but Guacamole has support for reading 
groups from the JWT. You have to do some work ahead of time in Guacamole itself 
to set up a group named after your "admin group", giving the group "Administer 
System" permissions (and others).

https://guacamole.apache.org/doc/gug/openid-auth.html#configuring-guacamole-for-single-sign-on-with-openid-connect

Search for "openid-groups-claim-type", and you might have to add the same value 
to "openid-scope".

Here are my notes / setup for Docker + Authelia:

https://github.com/mikew/homelab/blob/d4b058dea7f1eb741f7cb2746cd1e86d4674d424/services/auth/README.md?plain=1#L61-L64
https://github.com/mikew/homelab/blob/d4b058dea7f1eb741f7cb2746cd1e86d4674d424/services/remote-desktop-gateway/docker-compose.yml#L33-L39

> On Apr 5, 2024, at 3:58 PM, Johnnie W Adams <[email protected]> wrote:
> 
> Hi, folks,
> 
>      I've inherited a single instance of Guacamole which is behind SSO.
> 
>      This is unfortunate, because I can't log in as guacadmin. How do you 
> folks set up to go around SSO with admin logins?
> 
> Thanks,
> 
>      John A
> 
> -- 
> John Adams
> Senior Linux/Middleware Administrator  | Information Technology Services
> +1-501-916-3010 | [email protected] | http://ualr.edu/itservices
> UA Little Rock
> 
> Reminder:  IT Services will never ask for your password over the phone or in 
> an email. Always be suspicious of requests for personal information that come 
> via email, even from known contacts.  For more information or to report 
> suspicious email, visit IT Security.
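
Added example, not part of the original message or of Guacamole: a Python check that decodes an ID token's payload and reports whether the groups claim is present and contains the admin group, the precondition for the group mapping described in the reply. The group name "guac-admins", the claim name "groups" and the sample tokens are constructed assumptions; pass whatever claim name you set in "openid-groups-claim-type".

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed token (dummy signature) for offline testing only."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(b'constructed-signature')}"


def decode_claims(id_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_admin_group(id_token: str, groups_claim: str, admin_group: str) -> str:
    """Report why a user would or would not be placed in the admin group."""
    claims = decode_claims(id_token)
    if groups_claim not in claims:
        # The reply above suggests adding the claim's value to openid-scope here.
        return "missing-claim"
    groups = claims[groups_claim]
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        return "not-a-string-list"  # assumption: a JSON array of names is expected
    # This check compares names exactly, including case and whitespace.
    return "ok" if admin_group in groups else "not-member"


if __name__ == "__main__":
    # Constructed sample claims; "guac-admins" is a hypothetical group name.
    for claims in (
        {"sub": "jadams", "groups": ["guac-admins", "users"]},
        {"sub": "jadams"},
        {"sub": "jadams", "groups": "guac-admins"},
        {"sub": "jadams", "groups": ["users"]},
    ):
        token = make_sample_token(claims)
        print(claims, "->", check_admin_group(token, "groups", "guac-admins"))
```

The decoder skips signature verification on purpose, so use it only to inspect tokens you obtained from your own identity provider, never to make an access decision.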

