Hi Mathieu, On 7/7/16 10:38 AM, Mathieu Galliere wrote: > Hello, > > I want to thank you for the huge work done by you and your team. > Guacamole is just amazing ! > > I write this email to you for a simple question : I'm trying to add > guacamole to the CAS portal > (https://apereo.github.io/cas/4.2.x/index.html) and to enable the > single sign on provided by CAS on Guacamole.
A few weeks ago, we discussed to do the same in our working group, but we haven't had the manpower resources to start, yet. Having a link to CAS would be a very interesting feature as we integrated Guacamole into our institution's e-learning platform (Moodle, ownCloud, Guacamole and so on) and we would even like to integrate it much more by avoiding the necessity of additional logins. > I have half of the work done, Guacamole is available only for user > who are logged on CAS but i'm trying to bypass the guacamole auth > form helped by CAS's cookies. That sounds interesting. Is your code available in a public repository? > It can be done by the REST API from guacamole but i cannot find some > documentation which can lead me on "how to do SSO using tokens" and > I didn't find anything about this in jira and mailing list. Good question. Unfortunately, I don't have any solution, yet. We are still in a very conceptual state. Perhaps one of my students has an idea. The problem I had already in our concept was that Guacamole needs to know the plain text password for logging in to the actual remote desktop (e.g. the Linux or Windows terminal server). This is not available when a user logs in into the SSO service CAS. I have just found that working with CAS' ClearPass module [1] might help in this situation (while, at the same time, being aware that this feature clearly has its drawbacks from a security viewpoint). Do you have any idea to tackle this problem? > There is of course the way to develop an auth-module but i don't > have the skill to do this. Yes, I think that would be the best idea which also might have the biggest chance to get the approach accepted into the project. That was the way we thought about trying it. > If there is nothing like this, a lot of academic's institutions are > looking for this and i think that can be very good for your project! I can absolutely agree and underline this. Maybe we can work together on this. I'll have a talk to my student assistants next week. Kind regards, Steffen [1] https://wiki.jasig.org/display/casum/clearpass -- ------------------------------------------------------------------------ Dipl.-Inf. Steffen Moser School of Advanced Professional Studies Room: O27/317 Ulm University Tel: +49.731.50-24179 Albert-Einstein-Allee 11 Fax: +49.731.50-24182 89081 Ulm, Germany http://saps.uni-ulm.de/
