On 1/24/25 12:42 AM, Bhupender wrote:
Thank you Mike for clarifying about Guacamole's smart card support
limitations. Based on your response, I understand:
1. Guacamole doesn't currently support direct smart card redirection
2. The properties I tried in guacamole.properties are invalid
3. Smart card SSO will be available in version 1.6.0 (GUACAMOLE-839)
I'll explore using the ${GUAC_USERNAME} token as a workaround for now.
Questions:
1. For version 1.6.0 SSO, will it support specific smart card types/
standards?
That would actually be up to the user's OS and browser. Only the local
OS and browser will be interfacing directly with the smart card.
For smart card SSO within Guacamole, you deploy a reverse proxy like
Nginx to provide SSL/TLS client authentication. Guacamole consumes the
assertion of the user's identity via an HTTP header added by that
reverse proxy.
2. What's the expected timeline for 1.6.0 release?
It looks like 1.6.0 should be ready in a week or two, but take that with
a grain of salt. We're moving forward carefully given the scope of the
changes to guacd intended to improve performance.
If no other issues pop up during testing, a week or two should be accurate.
- Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
