guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "B3r3n" <>
Subject Re: Guacamole & OpenID
Date Fri, 14 Dec 2018 06:38:38 GMT
Hello Nick,

>> The path forward to implement that for OpenID is fairly clear - it
>> would just need to be done. I don't know what would need to be done
>> for the generic header authentication, where there's no standard
>> defining how logout should be signaled to the IDP.
> For the header module, we could add a header-logout-url parameter that
> could be configured to take the user to a URL that would log them out of
> whatever session generated the header?  This kind of kicks the problem of
> how the header logout is accomplished out of the Guacamole realm and over
> to whatever login system is generating the header.
That would just be perfect. This matchines my request from 2 weeks ago.
DELETE token being replaced by https://oidc/logout URL will remove the header
and thus no more access on Guacamole, even if user keeps seeing menues etc.
Maybe also another point: upon auth-header module + not the required variable,
block user to the Guacamole login page, not permitting login, just with a
simple message as "Authentication required" ?



> -Nick

View raw message