Mike Jumper wrote > On Mon, Sep 18, 2017 at 8:23 AM, richk < > rk5devmail@
> > wrote: > >> >> In the docs with regards to the CAS extension it has this line: >> >> "This module must be layered on top of other authentication extensions >> that >> provide connection information, as it only provides user authentication". >> >> So would I configure the auth-provider property with >> BasicFileAuthenticationProvider as usual, but then specify >> cas-authorization-endpoint and cas-redirect-uri to override the default >> login action to use CAS instead? > > > There actually is no "auth-provider" property. This property was > deprecated > in 0.9.7 in favor of a new, self-contained extension format [1] and > finally > removed entirely in 0.9.10-incubating [2]. Usage of this property between > 0.9.7 and 0.9.10-incubating would have worked but resulted in a warning in > the logs, but the property it is now ignored. It is no longer documented > in > the manual, and any third-party tutorials which refer to it are out of > date. > > If so, then can I just specify the >> connection configs in user-mapping.xml as usual too? >> >> Is that how it's intended to work? It seems too easy? >> >> > This is exactly how it's intended to work. Guacamole supports loading > multiple extensions simultaneously, and will automatically combine > authentication methods. I'd recommend using the MySQL or PostgreSQL > extensions instead of "user-mapping.xml", however. Besides the way that > user-mapping.xml requires the password to be manually defined for each > user, I believe there is a known issue with using user-mapping.xml > alongside other auth extensions (where the built-in auth mechanism > handling > user-mapping.xml does not properly collaborate with other extensions, > unlike the database, ldap, etc. auth), but I've thus far not found a link > to where this was reported. > > - Mike > > [1] > http://guacamole.incubator.apache.org/releases/0.9.7/#simplified-extensions > [2] > http://guacamole.incubator.apache.org/releases/0.9.10-incubating/#removal-of-deprecated-lib-directory-and-auth-provider-properties Thanks Mike. If there's an issue with the user-mapping file conflicting with other auth extensions then we'll use the database option. I'll try with the user-mapping file and report any issues just so you have a record with the understanding that using the database extensions is the recommended course of action. -Rich -- Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
