GUACAMOLE-1364

Allow login with standard username/password when SSO is enabled


    Description

      When SSO is in use, Guacamole automatically redirects all users to the IdP for sign-in. This works well if all necessary user accounts are available through that IdP, but effectively prevents logging in using any account unknown to the IdP and prevents using multiple SSO implementations.

      For example:

      • If SAML is enabled, but the common "guacadmin" administrative account has no counterpart in the SAML IdP, it will not be possible to sign in as "guacadmin" until a SAML user that maps to the "guacadmin" identity exists.
      • If multiple SSO solutions are enabled, only the solution that sorts first by filename will be usable, with others not getting their chance to redirect to their IdPs.

      This can be solved by:

      1. Defining explicit behavior for the SSO implementations when they are not sorted first (automatically adding a "Sign in with _____" button to the login prompt produced by extensions that sort before the SSO implementation).
      2. Providing an easier mechanism for adjusting extension order (rather than requiring renaming of files).

          People

            mjumper Mike Jumper