guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From richk <>
Subject Re: CAS Extension
Date Mon, 18 Sep 2017 17:08:30 GMT
Mike Jumper wrote
> On Mon, Sep 18, 2017 at 8:23 AM, richk &lt;

> rk5devmail@

> &gt; wrote:
>> In the docs with regards to the CAS extension it has this line:
>> "This module must be layered on top of other authentication extensions
>> that
>> provide connection information, as it only provides user authentication".
>> So would I configure the auth-provider property with
>> BasicFileAuthenticationProvider as usual, but then specify
>> cas-authorization-endpoint and cas-redirect-uri to override the default
>> login action to use CAS instead?
> There actually is no "auth-provider" property. This property was
> deprecated
> in 0.9.7 in favor of a new, self-contained extension format [1] and
> finally
> removed entirely in 0.9.10-incubating [2]. Usage of this property between
> 0.9.7 and 0.9.10-incubating would have worked but resulted in a warning in
> the logs, but the property it is now ignored. It is no longer documented
> in
> the manual, and any third-party tutorials which refer to it are out of
> date.
> If so, then can I just specify the
>> connection configs in user-mapping.xml as usual too?
>> Is that how it's intended to work? It seems too easy?
> This is exactly how it's intended to work. Guacamole supports loading
> multiple extensions simultaneously, and will automatically combine
> authentication methods. I'd recommend using the MySQL or PostgreSQL
> extensions instead of "user-mapping.xml", however. Besides the way that
> user-mapping.xml requires the password to be manually defined for each
> user, I believe there is a known issue with using user-mapping.xml
> alongside other auth extensions (where the built-in auth mechanism
> handling
> user-mapping.xml does not properly collaborate with other extensions,
> unlike the database, ldap, etc. auth), but I've thus far not found a link
> to where this was reported.
> - Mike
> [1]
> [2]

Thanks Mike. If there's an issue with the user-mapping file conflicting with
other auth extensions then we'll use the database option. I'll try with the
user-mapping file and report any issues just so you have a record with the
understanding that using the database extensions is the recommended course
of action.


Sent from:

View raw message