Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2023/01/15 03:09:30 UTC

[GitHub] [guacamole-manual] necouchman opened a new pull request, #191: GUACAMOLE-1322: Provide documentation for configuring SAML authentication in the Docker container.

necouchman opened a new pull request, #191:
URL: https://github.com/apache/guacamole-manual/pull/191

   This provides the documentation within the Docker section of the manual for configuring SAML authentication.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [guacamole-manual] necouchman commented on a diff in pull request #191: GUACAMOLE-1322: Provide documentation for configuring SAML authentication in the Docker container.

Posted by "necouchman (via GitHub)" <gi...@apache.org>.
necouchman commented on code in PR #191:
URL: https://github.com/apache/guacamole-manual/pull/191#discussion_r1083558005


##########
src/guacamole-docker.md:
##########
@@ -709,6 +709,79 @@ valid Docker variables for enabling and configuring header authentication:
 
 (guacamole-docker-tomcat-remote-ip-valve)=
 
+### SAML Authentication
+
+SAML authentication can be configured to allow the Guacamole Client instance
+running in a Docker container to authentication with a SAML Identity Provider
+(IdP). The IdP verifies the user authentication and then provides a response
+back to Guacamole with the name of the user and any other configured
+attributes contained in the SAML assertion. More details on SAML
+authentication with Guacamole can be found on the [](saml-auth) page.
+
+#### Required environment variables
+
+Configuration of SAML authentication requires that either a metadata file
+or a few other basic configuration parameters be provided to the container:
+
+`SAML_IDP_METADATA_URL`
+: The URI of a file that provides information about the SAML IdP that will
+  be used to authenticate users. This can either be a local file on the
+  filesystem, or it can be the URL of a file on a remote server. Note that
+  if the file is located on a local filesystem it will have to be made
+  available to the Docker container by either copying the file in or using
+  a file located on a volume that is shared with the container. Metadata
+  files for SAML authentication are generally obtained from the IdP.
+
+`SAML_IDP_URL`
+: If a metadata file is not provided, or does not contain the URL of the
+  Identity Provider, then this variable must be present in order to
+  tell Guacamole the location of the IdP, which is where users will be
+  redirected for authentication.
+
+`SAML_ENTITY_ID`
+: The SAML Entity Identifier of the Guacamole Client instance that will
+  be provided to the SAML IdP. This is generally the URL of the
+  Guacamole server. If the metadata URL is not provided, or the
+  metadata file does not contain an entity ID, this variable must
+  be provided.
+
+`SAML_CALLBACK_URL`
+: The URL of the Guacamole instance that will be given to the SAML IdP,
+  which will be used by the IdP to redirect the user back to the Guacamole
+  instance after the user has been validated. If the metadata file is not
+  provided, or does not contain a callback URL for the Guacamole instance,
+  this variable must be provided.
+
+#### Optional environment variables
+
+Other environment variables can be provided to adjust the behavior of the
+SAML authentication extension.
+
+`SAML_STRICT`
+: A boolean value that configures whether or not the Guacamole SAML client
+  will perform strict security checks on servers and certificates. This is
+  normally enabled and should never be disabled in a production environment.
+
+`SAML_COMPRESS_REQUEST`
+: A boolean value that configures whether or not the Guacamole SAML client
+  will enable compression on requests sent to the IdP. This defaults to
+  enabled (true).
+
+`SAML_COMPRESS_RESPONSE`
+: A boolean value that configures whether or not the Guacamole SAML client
+  will request that responses from the IdP be compressed. This defaults to
+  enabled (true).
+
+`SAML_GROUP_ATTRIBUTE`
+: The name of the attribute within the SAML assertion that contains the
+  group membership of the user who is being authenticated, if any. This
+  property is optional and defaults to "groups".
+
+`SAML_DEBUG`
+: WHether or not the Guacamole SAML client should provide verbose logging
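
Review bot: the `SAML_STRICT` entry says the checks are "normally enabled" but never states the default in the explicit form used by `SAML_COMPRESS_REQUEST` and `SAML_COMPRESS_RESPONSE` ("This defaults to enabled (true)"), and "strict security checks on servers and certificates" does not tell a reader what is relaxed when the variable is set to false. Suggest stating the default in the same form as the compression entries and naming the checks that are skipped when it is disabled, so the warning against disabling it in production is actionable. Separately, in the introductory paragraph, "to authentication with a SAML Identity Provider" should read "to authenticate with".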

Review Comment:
   Fixed via rebase.





[GitHub] [guacamole-manual] mike-jumper merged pull request #191: GUACAMOLE-1322: Provide documentation for configuring SAML authentication in the Docker container.

Posted by "mike-jumper (via GitHub)" <gi...@apache.org>.
mike-jumper merged PR #191:
URL: https://github.com/apache/guacamole-manual/pull/191




[GitHub] [guacamole-manual] mike-jumper commented on a diff in pull request #191: GUACAMOLE-1322: Provide documentation for configuring SAML authentication in the Docker container.

Posted by "mike-jumper (via GitHub)" <gi...@apache.org>.
mike-jumper commented on code in PR #191:
URL: https://github.com/apache/guacamole-manual/pull/191#discussion_r1083511093


##########
src/guacamole-docker.md:
##########
@@ -709,6 +709,79 @@ valid Docker variables for enabling and configuring header authentication:
 
 (guacamole-docker-tomcat-remote-ip-valve)=
 
+### SAML Authentication
+
+SAML authentication can be configured to allow the Guacamole Client instance
+running in a Docker container to authentication with a SAML Identity Provider
+(IdP). The IdP verifies the user authentication and then provides a response
+back to Guacamole with the name of the user and any other configured
+attributes contained in the SAML assertion. More details on SAML
+authentication with Guacamole can be found on the [](saml-auth) page.
+
+#### Required environment variables
+
+Configuration of SAML authentication requires that either a metadata file
+or a few other basic configuration parameters be provided to the container:
+
+`SAML_IDP_METADATA_URL`
+: The URI of a file that provides information about the SAML IdP that will
+  be used to authenticate users. This can either be a local file on the
+  filesystem, or it can be the URL of a file on a remote server. Note that
+  if the file is located on a local filesystem it will have to be made
+  available to the Docker container by either copying the file in or using
+  a file located on a volume that is shared with the container. Metadata
+  files for SAML authentication are generally obtained from the IdP.
+
+`SAML_IDP_URL`
+: If a metadata file is not provided, or does not contain the URL of the
+  Identity Provider, then this variable must be present in order to
+  tell Guacamole the location of the IdP, which is where users will be
+  redirected for authentication.
+
+`SAML_ENTITY_ID`
+: The SAML Entity Identifier of the Guacamole Client instance that will
+  be provided to the SAML IdP. This is generally the URL of the
+  Guacamole server. If the metadata URL is not provided, or the
+  metadata file does not contain an entity ID, this variable must
+  be provided.
+
+`SAML_CALLBACK_URL`
+: The URL of the Guacamole instance that will be given to the SAML IdP,
+  which will be used by the IdP to redirect the user back to the Guacamole
+  instance after the user has been validated. If the metadata file is not
+  provided, or does not contain a callback URL for the Guacamole instance,
+  this variable must be provided.
+
+#### Optional environment variables
+
+Other environment variables can be provided to adjust the behavior of the
+SAML authentication extension.
+
+`SAML_STRICT`
+: A boolean value that configures whether or not the Guacamole SAML client
+  will perform strict security checks on servers and certificates. This is
+  normally enabled and should never be disabled in a production environment.
+
+`SAML_COMPRESS_REQUEST`
+: A boolean value that configures whether or not the Guacamole SAML client
+  will enable compression on requests sent to the IdP. This defaults to
+  enabled (true).
+
+`SAML_COMPRESS_RESPONSE`
+: A boolean value that configures whether or not the Guacamole SAML client
+  will request that responses from the IdP be compressed. This defaults to
+  enabled (true).
+
+`SAML_GROUP_ATTRIBUTE`
+: The name of the attribute within the SAML assertion that contains the
+  group membership of the user who is being authenticated, if any. This
+  property is optional and defaults to "groups".
+
+`SAML_DEBUG`
+: WHether or not the Guacamole SAML client should provide verbose logging
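
Review bot: the `SAML_IDP_METADATA_URL` entry allows "the URL of a file on a remote server" without saying anything about how that file should be fetched or trusted. Since this file is what tells Guacamole about the IdP used to authenticate users, suggest recommending an `https://` URL, or a local file on a volume mounted read-only into the container. The "Required environment variables" heading also sits oddly with the entries under it: `SAML_IDP_URL`, `SAML_ENTITY_ID` and `SAML_CALLBACK_URL` are each described as needed only when the metadata file is absent or lacks that value, so a sentence spelling out the valid combinations (metadata alone, or the three variables without metadata) would remove the ambiguity. In `SAML_GROUP_ATTRIBUTE`, "This property is optional" is redundant under the "Optional" heading and uses "property" where the other entries say "variable".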

Review Comment:
   Whether*


