On Tue, May 27, 2025 at 5:24 AM Peter Camps <p.ca...@eshgro.nl.invalid>
wrote:

> Hi,
>
> I installed Guacamole 1.5.5 on Ubuntu 24.04.2 LTS, native install.
>
> Also using Tomcat 9.0.105, MySQL Ver 8.0.42-0ubuntu0.24.04.1 and NGINX
> Proxy Manager v2.12.3 (in Docker).
> After this I also enabled SAML for Azure SSO and created the Enterprise
> application with SSO in Azure.
>
> This is working fine at the moment, but I am struggling with the final
> steps to configure adding the connection groups to the logged-on user.
>
>
> I have a connection group in Guacamole named Servers and I want all logged-on
> users to be able to use the connections in this group.
>
> I have tried multiple suggestions from the web on how to enable this. I have
> tried all kinds of settings in the guacamole.properties file.
>
> saml-group-attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
> saml-group-attribute: groups
> saml-group-attribute: servers
>
>

I believe "groups" is both the correct syntax and the default:

https://guacamole.apache.org/doc/gug/saml-auth.html

You may need to enable some debugging, either in the Guacamole web
application as a whole and/or in the SAML extension, to make sure you're
getting the claims through and that they are formatted as you expect. The
SAML debugging can be found in the above link to the SAML portion of the
manual; the general logging can be found here:

https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application


> But whatever I do in Azure, creating a new claim or a new group claim,
> using all kinds of settings, I have not been able to log into Guacamole as
> a user and get all the connections I need.
> I know that you can do this upfront, creating the (Azure) user and
> assigning the group, but I would really like to be able to have this
> automated.
> We are going to have multiple users using this eventually.
>
> Is there somebody who can guide me through this process? Or can point me
> to a working tutorial?
>
>

After configuring the group attribute in the SAML extension, have you
created the matching group in the Guacamole admin interface and assigned
permissions to that group?

-Nick
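
An added example (not from this thread or the Guacamole project): a small Python check of the two points raised above, whether the attribute named in `saml-group-attribute` is actually present in the assertion, and whether its values match a group created in Guacamole. The assertion fragment, its values and the function names are constructed for illustration, and exact string matching of group names is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed assertion fragment (not captured from a real IdP).
# Only parse assertions from your own debug log; use a hardened XML
# parser if the input could come from an untrusted source.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayname">
      <saml:AttributeValue>Example User</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def attributes(assertion_xml):
    """Return {attribute name: [values]} for every saml:Attribute."""
    out = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", SAML_NS):
        vals = [(v.text or "").strip()
                for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        out.setdefault(attr.get("Name"), []).extend(vals)
    return out

def check_group_mapping(assertion_xml, group_attribute, guacamole_groups):
    """Compare the configured group attribute against groups defined in Guacamole."""
    attrs = attributes(assertion_xml)
    values = attrs.get(group_attribute, [])
    return {
        "attribute_present": group_attribute in attrs,
        "available": sorted(attrs),  # names the IdP really sent
        "matched": [v for v in values if v in guacamole_groups],
        "unmatched": [v for v in values if v not in guacamole_groups],
    }

if __name__ == "__main__":
    # "Servers" stands in for a group created in the Guacamole admin interface.
    for attr_name in ("groups", GROUPS_CLAIM):
        print(attr_name, check_group_mapping(SAMPLE_ASSERTION, attr_name, {"Servers"}))
```

An empty `matched` list with a non-empty `unmatched` list means the claim arrives but no Guacamole group carries that exact name, so no group permissions apply.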
