On Mon, Sep 18, 2017 at 8:23 AM, richk <rk5devm...@gmail.com> wrote: > > In the docs with regards to the CAS extension it has this line: > > "This module must be layered on top of other authentication extensions that > provide connection information, as it only provides user authentication". > > So would I configure the auth-provider property with > BasicFileAuthenticationProvider as usual, but then specify > cas-authorization-endpoint and cas-redirect-uri to override the default > login action to use CAS instead?
There actually is no "auth-provider" property. This property was deprecated in 0.9.7 in favor of a new, self-contained extension format [1] and finally removed entirely in 0.9.10-incubating [2]. Usage of this property between 0.9.7 and 0.9.10-incubating would have worked but resulted in a warning in the logs, but the property it is now ignored. It is no longer documented in the manual, and any third-party tutorials which refer to it are out of date. If so, then can I just specify the > connection configs in user-mapping.xml as usual too? > > Is that how it's intended to work? It seems too easy? > > This is exactly how it's intended to work. Guacamole supports loading multiple extensions simultaneously, and will automatically combine authentication methods. I'd recommend using the MySQL or PostgreSQL extensions instead of "user-mapping.xml", however. Besides the way that user-mapping.xml requires the password to be manually defined for each user, I believe there is a known issue with using user-mapping.xml alongside other auth extensions (where the built-in auth mechanism handling user-mapping.xml does not properly collaborate with other extensions, unlike the database, ldap, etc. auth), but I've thus far not found a link to where this was reported. - Mike [1] http://guacamole.incubator.apache.org/releases/0.9.7/#simplified-extensions [2] http://guacamole.incubator.apache.org/releases/0.9.10-incubating/#removal-of-deprecated-lib-directory-and-auth-provider-properties
