Hi,

A specific user logs in fine but is not shown the authorized connection list. This user is a member of group My_Group.

I can see that the DB is OK:

"SELECT entity_id FROM guacamole_entity WHERE name = 'My_Group' AND type = 'USER_GROUP';"

 entity_id
-----------
       151
(1 row)

"SELECT * FROM guacamole_user_group WHERE entity_id = 151;"

 user_group_id | entity_id | disabled
---------------+-----------+----------
             1 |       151 | f
(1 row)

"SELECT * FROM guacamole_connection WHERE connection_name = 'Intranet kiosk (RDP)';"

 connection_id | connection_name      | parent_id | protocol | max_connections | max_connections_per_user | connection_weight | failover_only | proxy_port | proxy_hostname | proxy_encryption_method
---------------+----------------------+-----------+----------+-----------------+--------------------------+-------------------+---------------+------------+----------------+-------------------------
           139 | Intranet kiosk (RDP) |           | rdp      |                 |                          |                   | f             |            |                |
(1 row)

"SELECT * FROM guacamole_connection_parameter WHERE connection_id = 139;"

 connection_id | parameter_name    | parameter_value
---------------+-------------------+--------------------
           139 | hostname          | ...
           139 | load-balance-info | ...
           139 | security          | nla
           139 | remote-app        | ||IntranetFFkiosk
(17 rows) [trimmed]

"SELECT * FROM guacamole_connection_permission WHERE connection_id = 139;"

 entity_id | connection_id | permission
-----------+---------------+------------
       151 |           139 | READ
(1 row)

All the above should mean that the group 'My_Group' *should* see and access the connection "Intranet kiosk (RDP)", right?

Now, if the user who logs in doesn't, it means that Guacamole does not consider it a member of 'My_Group', right?

I am using PostgreSQL as a backend, and I'm not specifying within the DB that this user is a member of 'My_Group'. That's because I want to delegate user/group management to SAML.

I have this in my guacamole.properties:

saml-group-attribute: urn:oid:1.2.840.113556.1.2.102

I also have

saml-debug: true

When the user logs in I can see this in catalina:

c.onelogin.saml2.authn.SamlResponse - SAMLResponse has attributes: {urn:oid:1.2.840.113556.1.2.102=[Some_group, My_Group, Another_Group], urn:oid:2.5.4.3=[MyUser], IDP=[INTERNAL]}

The group is there, so what's wrong?

Vieri Jerome
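
The per-table checks in the message above can be collapsed into one PostgreSQL query that follows every group name from the logged SAML attribute through to the connections it can READ (an added example, not part of the original post and not Guacamole's own code). It uses only the tables and columns shown in the message, and it assumes that a group name released by SAML has to equal guacamole_entity.name exactly, including case.

```sql
-- Added example. The group names are copied from the SAMLResponse line in the
-- catalina log quoted above; replace them with whatever the IdP releases.
WITH saml_groups(name) AS (
    VALUES ('Some_group'), ('My_Group'), ('Another_Group')
)
SELECT g.name          AS saml_group,
       e.entity_id,                      -- NULL: no USER_GROUP entity with exactly this name
       ug.disabled     AS group_disabled, -- NULL: entity has no guacamole_user_group row; t: group is disabled
       c.connection_id,                  -- NULL: group exists but has no READ permission rows
       c.connection_name,
       p.permission
FROM saml_groups g
LEFT JOIN guacamole_entity e
       ON e.name = g.name                -- assumption: exact, case-sensitive name match
      AND e.type = 'USER_GROUP'
LEFT JOIN guacamole_user_group ug
       ON ug.entity_id = e.entity_id
LEFT JOIN guacamole_connection_permission p
       ON p.entity_id = e.entity_id
      AND p.permission = 'READ'
LEFT JOIN guacamole_connection c
       ON c.connection_id = p.connection_id
ORDER BY g.name, c.connection_name;
```

With the rows shown in the message, My_Group should come back with entity_id 151, group_disabled f and connection 139; if it does, the database side of the chain is complete and the remaining question is whether the SAML groups reach the database extension at all.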