How to handle groups from openid?

[thebetterjort <th...@gmail.com>]

I have successfully authenticated using keycloak (openid), but I'm trying to
figure out if I can get my groups that I have created in keycloak and their
permissions into guacamole. 

How would I setup an admin user for instance? I have a group created in
keycloak, but I'm not able to see this role/group anywhere?



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: How to handle groups from openid?

[Nick Couchman <vn...@apache.org>]

On Mon, Mar 18, 2019 at 10:08 PM thebetterjort <th...@gmail.com>
wrote:

> Mike,
>
>   I wish I could be more help. This is the only thing I have written
> involving groups.
> https://github.com/httpsOmkar/keycloak-hasura-connector
>
>
No worries - you're welcome to put in a feature request on the JIRA page
for this.  I've thought about adding similar capability to the CAS module,
since it can retrieve arbitrary parameters, like Group Membership, from
whatever backend it's authenticating against, and pass those through.

https://issues.apache.org/jira/projects/GUACAMOLE

-Nick

Re: How to handle groups from openid?

[thebetterjort <th...@gmail.com>]

Mike,
 
  I wish I could be more help. This is the only thing I have written
involving groups.
https://github.com/httpsOmkar/keycloak-hasura-connector



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: How to handle groups from openid?

[Mike Jumper <mj...@apache.org>]

On Mon, Mar 18, 2019 at 1:14 PM thebetterjort <th...@gmail.com>
wrote:

> I have successfully authenticated using keycloak (openid), but I'm trying
> to
> figure out if I can get my groups that I have created in keycloak and their
> permissions into guacamole.
>
>
Guacamole's OpenID support does not implement groups. It would be nice to
add, though.

Do you know offhand how keycloak exposes group memberships (presumably
within the JWT)?

- Mike