Greetings,
I am a new user and have spent considerable time searching the manual and
mailing list archives, so I apologize if I have missed the answer to this.
I am migrating a 1.3.0 Guacamole installation to 1.6.0 and we are interested in
the SAML feature to provide a consistent MFA experience to our users.
However, since there appears to be no defined ${GUAC_PASSWORD} at the end of
that process (which makes sense), we would have to redefine all of our
connections, and there seem to be issues with RDP with SFTP for file transfer
(the connection just hangs instead of prompting for a password). Also, I have
the group names coming back in the claim but they don't seem to be recognized
(the group-based connections are not visible to the user).
So my question is whether you can force the LDAP login to happen after the SAML
authentication? Essentially we are not as worried about the SSO as just
introducing a familiar MFA mechanism to the users, who would then still log in
to Guacamole through LDAP (preferably just prompting for the password to avoid
them changing usernames between the two stages). This would enable us to
upgrade the current database and for the user experience to remain mostly
unchanged through the upgrade.
Thank you,
Cale