CAS authentication and ClearPass

Because of the nature of logging in with CAS, Guacamole does not know the user password. That means that automatic login using the ${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens can not be used. It actually seems like the tokens are not available at all when using CAS as authentication method.

For the brave, CAS offers a functionality called ClearPass to deliver the password in an encrypted message to the requesting service (https://apereo.github.io/cas/5.1.x/integration/ClearPass.html). That could be a way to populate ${GUAC_PASSWORD}, as long as username and password is being used to authenticate the user in CAS. If the tokens are being used in a connection profile, but isn't populated, I guess it would make sense to fall back to manual login.