Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com.INVALID> on 2022/04/14 15:30:50 UTC

Re: SAML SP metadata

On Sunday, March 27, 2022, 05:32:07 PM GMT+2, Vieri <re...@yahoo.com.invalid> wrote:
>
> I created this:
> https://issues.apache.org/jira/browse/GUACAMOLE-1565 

Hi again,

Regarding SAML there's another important feature I haven't requested on Jira yet. 
I require the guacamole application to allow access to its service ONLY if the user logging in belongs to a specific group sent in via the "groups attribute". In other words, if the user does not belong to MY_REQUIRED_GROUP then it should NOT be granted access whatsoever.
I'm attaching a patch which does just that, although I'd rather show the denied user a message of some sort (and not just throw an exception).
And yes, the required group name should be retrieved with confService.

I know you have a lot of other areas to cover and that making changes to an authentication process can be tricky as you don't want to inadvertently create a vulnerability, but could you please let me know at least if the feature request I already submitted regarding the private key and this one are of any interest at all to the community so that I can decide whether to keep patching my guacamole installation long-term or not?

Thanks,

Vieri