SSO

["Johnson, Nachay [USA]" <Jo...@bah.com.INVALID>]

Hi Everyone,

I was able to get SSO working for logging into the guacamole, but how do I RDP to a system without entering a username and password. The SSO was setup on my F5, so user never enters a username/password. I tried adding the variables below in connection properties, but this won't work since user doesn't enter a password at login. How can I auto populate users AD credentials into the VM

Username: ${GUAC_USERNAME}
Password: ${GUAC_PASSWORD}

Re: SSO

[Nick Couchman <vn...@apache.org>]

On Thu, Sep 29, 2022 at 9:27 AM Johnson, Nachay [USA]
<Jo...@bah.com.invalid> wrote:
>
> Hi Everyone,
>
>
>
> I was able to get SSO working for logging into the guacamole, but how do I RDP to a system without entering a username and password. The SSO was setup on my F5, so user never enters a username/password. I tried adding the variables below in connection properties, but this won’t work since user doesn’t enter a password at login. How can I auto populate users AD credentials into the VM
>
>
>
> Username: ${GUAC_USERNAME}
> Password: ${GUAC_PASSWORD}
>

Unless you're using CAS with the ClearPass extension enabled, this
will not work - if you're using SAML or OpenID, the SSO providers do
not have access to the AD credentials, and will not be able to
retrieve them. The ${GUAC_USERNAME} token will still come through, but
the password token will not be available.

It's worth mentioning this isn't unique to Guacamole - in my Day Job,
we use Azure WVD with their Remote Desktop provider for VDI, and users
have to first authenticate via ADFS (SAML) SSO, and then are required
to re-enter their Windows password when actually opening the
connection.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org