[
https://issues.apache.org/jira/browse/GUACAMOLE-362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16128598#comment-16128598
]
Nick Couchman commented on GUACAMOLE-362:
-----------------------------------------
There's actually already a JIRA issue out there dealing with the second part of
your question (why tokens are not populated in CAS/Header auth modules):
https://issues.apache.org/jira/browse/GUACAMOLE-341
That particular issue/PR is concerned more with the Header module, but the fix
for the CAS module will be exactly the same for populating the username token.
So, I suggest we keep this JIRA issue concentrated on the possibility of
obtaining the password from CAS and then populating the password token with
that.
> CAS authentication and ClearPass
> --------------------------------
>
> Key: GUACAMOLE-362
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-362
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-cas
> Affects Versions: 0.9.13-incubating
> Reporter: Nicklas Björk
> Priority: Minor
>
> Because of the nature of logging in with CAS, Guacamole does not know the
> user password. That means that automatic login using the ${GUAC_USERNAME} and
> ${GUAC_PASSWORD} tokens can not be used. It actually seems like the tokens
> are not available at all when using CAS as authentication method.
> For the brave, CAS offers a functionality called ClearPass to deliver the
> password in an encrypted message to the requesting service
> (https://apereo.github.io/cas/5.1.x/integration/ClearPass.html). That could
> be a way to populate ${GUAC_PASSWORD}, as long as username and password is
> being used to authenticate the user in CAS. If the tokens are being used in a
> connection profile, but isn't populated, I guess it would make sense to fall
> back to manual login.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
