guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: CAS Extension
Date Mon, 18 Sep 2017 16:43:45 GMT
On Mon, Sep 18, 2017 at 8:23 AM, richk <> wrote:

> In the docs with regards to the CAS extension it has this line:
> "This module must be layered on top of other authentication extensions that
> provide connection information, as it only provides user authentication".
> So would I configure the auth-provider property with
> BasicFileAuthenticationProvider as usual, but then specify
> cas-authorization-endpoint and cas-redirect-uri to override the default
> login action to use CAS instead?

There actually is no "auth-provider" property. This property was deprecated
in 0.9.7 in favor of a new, self-contained extension format [1] and finally
removed entirely in 0.9.10-incubating [2]. Usage of this property between
0.9.7 and 0.9.10-incubating would have worked but resulted in a warning in
the logs, but the property it is now ignored. It is no longer documented in
the manual, and any third-party tutorials which refer to it are out of date.

If so, then can I just specify the
> connection configs in user-mapping.xml as usual too?
> Is that how it's intended to work? It seems too easy?
This is exactly how it's intended to work. Guacamole supports loading
multiple extensions simultaneously, and will automatically combine
authentication methods. I'd recommend using the MySQL or PostgreSQL
extensions instead of "user-mapping.xml", however. Besides the way that
user-mapping.xml requires the password to be manually defined for each
user, I believe there is a known issue with using user-mapping.xml
alongside other auth extensions (where the built-in auth mechanism handling
user-mapping.xml does not properly collaborate with other extensions,
unlike the database, ldap, etc. auth), but I've thus far not found a link
to where this was reported.

- Mike


View raw message