Hi Nick,

Can you give some instructions on how you got SAML working? I am struggling with it right now.
-Bryce

From: Nick Couchman <[email protected]>
Sent: Monday, February 7, 2022 10:27 AM
To: [email protected]
Subject: Re: Guac does not connect to LDAP to pull RDP conn details after SAML auth succeeds

On Mon, Feb 7, 2022 at 1:18 PM Sathija Pavuluri <[email protected]> wrote:

> We have Guacamole configured to use SAML to initially authenticate users and subsequently use LDAP to look up the user and retrieve RDP connection properties. When using this setup, user is successfully authenticated against SAML but Guac makes no attempt to connect to LDAP to look the user up.
>
> So using SAML auth, do connection details have to come from a DB alone? Is LDAP not supported?

You are correct, after a successful SAML authentication, there will be no attempt to connect to LDAP. This is because the LDAP module is designed specifically to use the credentials of the user who is logging in to query the LDAP tree. Since 1) authentication has already succeeded, and 2) with SAML authentication there is no password to send to the LDAP server, the module will not attempt to authenticate the user.

If you're storing connection information in LDAP then you should just use LDAP to authenticate and not try to stack SAML and LDAP.

-Nick
Bryce Prutsos
Director of Information Technology
Barstow Community College
Email: [email protected]
Phone: 760-252-2411 EXT: 7248
