Hello,

I am testing Apache Guacamole with the aim of deploying it in k8s.
After deploying it locally and reading the manual, I was not able to answer
the questions that arose.
Here:
https://guacamole.apache.org/doc/gug/configuring-guacamole.html
it says something like you have to look into a specific auth plugin for how
to manage users.
In the auth plugin guides I can't find any information that would indicate
how it creates (or does not create) the users.
This is the reason why I am forced to ask the community/maintainers for help
to understand the best way to go. We have two requirements:
1. We don't want to maintain the user list on the Guacamole side. We use
Active Directory. We have Pomerium in k8s, which is able to proxy an HTTP
header with the user name to Apache Guacamole. Or we can use OpenID. But the
biggest issue is whether Guacamole still needs the list of users on its side.
Or will it log in any user? Pomerium has AD group-based access. So, if
Pomerium allows the proxy request to Guacamole, then this user should have
the ability to sign in. In simple words, the question is: what auth can we
use so that Apache Guacamole would be able to log in the user without having
the list of users in its own filesystem/db?
2. Connection provisioning is not supported as far as I can see. We
could create a k8s job which will retrieve the list of targets from
our internal systems and then create connections via the REST API. Is this
the only possible solution in our case?
