On Mon, Apr 29, 2024 at 6:35 AM Vieri <[email protected]> wrote:
> Hi,
>
> I set up guacamole with SAML SSO (no clearpass).
>
> The users log into the system and are assigned to RDP, ssh, vnc
> connections, as needed.
> In all of the connection settings (eg for RDP), the following are left
> blank:
>
> Under PARAMETERS, Authentication:
> Username, Password, Domain, Security mode
>
> So, for a given RDP connection, any SAML-authenticated user can
> potentially access that target host by entering user credentials again.
>
> I was wondering if it were possible for Guacamole to have an extra
> user-defined "object" for credential storage.
> For instance, a user could create "credentials1" with a set of RDP
> credentials, "credentials2", etc. in his/her profile.
> When connecting to an authorized host (guacamole "connection"), the
> guacamole client GUI could ask the user which "credentials" object to use
> for that connection.
>

I think the closest thing to what you're looking for that is currently supported in Guacamole is the "vault" extension, which supports pulling tokens from a credential vault. The only vault currently supported is Keeper Secrets Manager, but support could certainly be extended to other types of vaults with some code writing.

-Nick
