On Tue, Jan 31, 2023 at 10:39 AM Michael Hess <michael_h...@nols.edu.invalid> wrote:
> I have the default saml-group-attribute set to "groups" and in Azure I > have the Claim name of > http://schemas.microsoft.com/ws/2008/06/identity/claims/groups set to > value: user.groups [All], all default stuff. > > I don't get any mappings from the groups I've added in Guacamole though, > they have the same group name, caps and all. > IIRC, Azure's SAML is unique in its handling of groups in that it sends its own internal UUID values for group names instead of the actual group name. How do I verify what's being sent and troubleshoot this? > Try installing a SAML-tracing extension for your browser - that should allow you to see the contents of the SAML assertion. You could also try setting Guacamole's "saml-debug" property to "true" and/or bump Guacamole's log level for the web application to "debug": https://guacamole.apache.org/doc/gug/saml-auth.html#configuring-guacamole-for-saml-authentication https://guacamole.apache.org/doc/gug/configuring-guacamole.html#logging-within-the-web-application - Mike