You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@guacamole.apache.org by "Nick Couchman (JIRA)" <ji...@apache.org> on 2017/10/28 13:45:00 UTC

[jira] [Reopened] (GUACAMOLE-362) CAS authentication and ClearPass

     [ https://issues.apache.org/jira/browse/GUACAMOLE-362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman reopened GUACAMOLE-362:
-------------------------------------

Coverity identified a resource leak in the code reading in the private key.  PR is open to fix this.

> CAS authentication and ClearPass
> --------------------------------
>
>                 Key: GUACAMOLE-362
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-362
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-cas
>    Affects Versions: 0.9.13-incubating
>            Reporter: Nicklas Björk
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 0.9.14-incubating
>
>
> Because of the nature of logging in with CAS, Guacamole does not know the user password. That means that automatic login using the ${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens can not be used. It actually seems like the tokens are not available at all when using CAS as authentication method.
> For the brave, CAS offers a functionality called ClearPass to deliver the password in an encrypted message to the requesting service (https://apereo.github.io/cas/5.1.x/integration/ClearPass.html). That could be a way to populate ${GUAC_PASSWORD}, as long as username and password is being used to authenticate the user in CAS. If the tokens are being used in a connection profile, but isn't populated, I guess it would make sense to fall back to manual login.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)