Hi Simon,

The behavior you described is pretty much what I have experienced. Regarding 
the logouts, that is not working for me either. Perhaps these are ADFS-specific
issues as opposed to SAML in general.


-----Original Message-----
From: Simon Müller <simon.muel...@bechtle.com> 
Sent: Tuesday, October 20, 2020 11:26 AM
To: user@guacamole.apache.org
Subject: RE: [EXTERNAL] Re: SAML Authentication Extension Group Membership

Hey there,

I am also trying to find a solution for this topic.

Thanks to you, Ariel, I have successfully achieved logging in by transforming 
the claim in my IdP (ADFS) to Name Id - Format "Email-Address".
Now I am struggling with the fact that for every user logging in, I would have 
to add them manually to a group and also add every connection to every group 
manually.

That's where saml-group-attribute could come in handy... So I configured "Send
group membership as claim" as an additional claim issuance rule and the debug 
messages look promising so far:



In my guacamole.properties, I explicitly set "saml-group-attribute: Group"

Of course I created this particular group beforehand in my guacamole-server 
currently backed by mysql.
It seems the attributes are not honored at all. It would be really great if I 
could fill a minimum of attributes like "Full Name", "E-Mail", "Organization",
"Department".

Another question that arises: How can I still use the REST API with the 
saml-auth enabled? In Jira I read something about the idea to provide an extra 
button for the SSO authentication so that you can still login with local users. 
Is there any intel when and if this will be possible in the future?

PS: Logging out currently is not possible at all, am I right? But that is my 
least concern. ;)



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

