On Tue, Jun 18, 2024 at 12:13 PM David Lomas <d...@pale-eds.co.uk.invalid> wrote:
> Thanks Nick—definitely heading out of my depth here, but are you saying we > don't need to provide an authentication provider at all? Or just not > override the default getAuthorizedConfigurations() function? I'm looking at > the LDAP & JSON auth extension source code and trying to piece together a > minimal skeleton which can accept Credentials and return a User with > associated group. Is there anything more straightforward than those? > > Sorry the confusion - you'll still need to implement the authentication provider, you just don't need to override getAuthorizedConfigurations(), you'll just need to make sure that your authentication provider has a User implementation that provides the desired groups via an override to getUserGroups(). Honestly, you might take a look at the guacamole-auth-header module - it may be a better starting point for you to then just: * Adjust extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java to authenticate with whatever your authentication credentials/method are/is. * Adjust extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java to override getUserGroups() to return the groups you're looking for. -Nick >
