You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2021/08/22 01:12:00 UTC

[jira] [Commented] (GUACAMOLE-1364) Allow login with standard username/password when SSO is enabled

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17402709#comment-17402709 ] 

Nick Couchman commented on GUACAMOLE-1364:
------------------------------------------

Method 1 seems to be a common behavior I've seen on web sites that support both SSO and non-SSO logins, FWIW.

> Allow login with standard username/password when SSO is enabled
> ---------------------------------------------------------------
>
>                 Key: GUACAMOLE-1364
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1364
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-cas, guacamole-auth-openid, guacamole-auth-saml
>            Reporter: Mike Jumper
>            Assignee: Mike Jumper
>            Priority: Minor
>             Fix For: 1.4.0
>
>
> When SSO is in use, Guacamole automatically redirects all users to the IdP for sign-in. This works well if all necessary user accounts are available through that IdP, but effectively prevents logging in using any account unknown to the IdP and prevents using multiple SSO implementations.
> For example:
> * If SAML is enabled, but the common "guacadmin" administrative account has no counterpart in the SAML IdP, it will not be possible to sign in as "guacadmin" until a SAML user that maps to the "guacadmin" identity exists.
> * If multiple SSO solutions are enabled, only the solution that sorts first by filename will be usable, with others not getting their chance to redirect to their IdPs.
> This can be solved by:
> # Defining explicit behavior for the SSO implementations when they are not sorted first (automatically adding a "Sign in with _____" button to the login prompt produced extension that sort before the SSO implementation).
> # Providing an easier mechanism for adjusting extension order (rather than requiring renaming of files).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)