Hello!, I'm trying to setup Authorization via Keycloak Authorization module and OIDC integration for Guacamole.
I've setup all the proper rules in Keycloak, currently based on group membership. There's an internal testing feature that allowed me to validate that Authorization for a given application for user1 is denied, and for user2 is granted depending on group membership: https://www.keycloak.org/docs/latest/authorization_services/index.html I was expected this to be part of any OIDC standard integration, but Guacamole happily allows access to both user1 & user2. Reading around it seems that the policy enforcing should be implemented on the client or web resource side (which sound odd): https://www.keycloak.org/securing-apps/policy-enforcer I can't find any reference in the Guacamole documentation, can you please confirm if something like that is supported somehow?. Regards, Cyrus. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
