On Mon, Nov 2, 2020 at 1:27 AM Jack Rosenthal <[email protected]> wrote:
> Hi All,
>
> I know SAML needs to be used in addition with a database, but how do SAML
> email addresses get associated with users in the database?
>
> I tried creating a user with the name exactly matching the email, but
> after SAML-authing, it does not appear to be associated?

You just need a user in the database whose username matches that of the SAML username. I'm not sure how you're measuring association, here, but it's a loose connection in Guacamole - as long as the username matches between two authentication modules, that user will be considered the same user, and things like permissions will be evaluated as such.

There are a couple of things to note, here:

- Today the comparison for usernames is a case-sensitive comparison, so if the username provided by SAML is Jack_Rosenthal and you create a user jack_rosenthal, they will not be considered the same user.
- As of Guacamole 1.2.0 you can have the JDBC module auto-create users that successfully authenticate from other modules, which may help you streamline this and ease the administrative burden.
- After the users are created in JDBC you still need to assign them permissions to access one or more connections. This should be relatively simple/straight-forward - just edit the user and assign permissions.

-Nick
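The case-sensitive matching described in the reply above can be checked before rollout. The following is an added example, not part of the original message and not Guacamole code: it assumes you have exported the usernames your SAML IdP will send and the usernames present in the JDBC database as two plain lists (the function name and the sample values are constructed for illustration).

```python
from collections import defaultdict

# Constructed sample data: usernames as sent by the SAML IdP, and usernames
# that exist in the Guacamole database.
SAML_SAMPLE = ["Jack_Rosenthal", "alice@example.com", "bob@example.com"]
DB_SAMPLE = ["jack_rosenthal", "alice@example.com", "Alice@Example.com"]


def classify_identities(saml_usernames, db_usernames):
    """Sort SAML usernames by how they relate to database usernames.

    matched       - byte-for-byte equal; treated as the same user.
    case_mismatch - differs only by case; treated as a different user,
                    so database permissions will not apply.
    missing       - no database user at all (needs creation or auto-create).
    db_collisions - database users that differ from each other only by case;
                    each is a distinct user with its own permissions.
    """
    db_exact = set(db_usernames)
    by_folded = defaultdict(set)
    for name in db_exact:
        by_folded[name.casefold()].add(name)

    report = {"matched": [], "case_mismatch": {}, "missing": [],
              "db_collisions": []}
    for name in saml_usernames:
        if name in db_exact:
            report["matched"].append(name)
        elif name.casefold() in by_folded:
            # Record which database users the SAML name almost matches.
            report["case_mismatch"][name] = sorted(by_folded[name.casefold()])
        else:
            report["missing"].append(name)

    report["db_collisions"] = sorted(
        sorted(names) for names in by_folded.values() if len(names) > 1
    )
    return report


if __name__ == "__main__":
    for key, value in classify_identities(SAML_SAMPLE, DB_SAMPLE).items():
        print(f"{key}: {value}")
```

Entries under case_mismatch are the ones that authenticate through SAML but do not pick up the permissions assigned to the similarly named database user.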
