[
https://issues.apache.org/jira/browse/GUACAMOLE-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17426408#comment-17426408
]
Eilbron edited comment on GUACAMOLE-1266 at 10/8/21, 10:42 PM:
---------------------------------------------------------------
[~vnick] and Team, let me start by saying I appreciate everything you do for
this and other projects! In regards to this issues, I know its not considered a
bug and its minor priority, but it essentially makes MFA unusable. Once, you
authenticate with MFA, you could reboot your laptop or come back few days later
and you are right back in without any authentication. In some ways it makes it
less secure than not having MFA at all.
I'd appreciate it if you could bump the priority, and or if there is a work
around please let me know.
Regards,
Eilbron
was (Author: ilbron):
[~vnick] and Team, let me start saying I appreciate everything you do for this
and other projects! In regards to this issues, I know its not considered a bug
and its minor priority, but it essentially makes MFA unusable. Once, you
authenticate with MFA, you could reboot your laptop or come back few days later
and you are right back in without any authentication. In some ways it makes it
less secure than not having MFA at all.
I'd appreciate it if you could bump the priority, and or if there is a work
around please let me know.
Regards,
Eilbron
> Implement SAML Single Logout
> ----------------------------
>
> Key: GUACAMOLE-1266
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1266
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Reporter: Michael Miklis
> Priority: Minor
>
> The SAML Authentication Extension does not seem to have a logout function
> built in. This will result in a loop. Steps to reproduce:
> * connect to guacamole ULR
> * Automatic redirect to IDP Signin Page happens
> * login via SAML IDP to Guacamole
> * Click Logoff in Guacamole
> * Redirect to Guacamole Start-Page happens
> * Redirect to IDP Signin Page
> * User gets signed in automatically as the session on the IDP is still
> existing
>
> The correct behaviour must be:
> * connect to guacamole ULR
> * Automatic redirect to IDP Signin Page happens
> * login via SAML IDP to Guacamole
> * Click Logoff in Guacamole
> * *Redirecting to configured IDP Logoff URL*
> * *IDP destroys session and redirects to Guacamole start page*
> * Redirect to IDP Signin Page
> * User gets signed in automatically as the session on the IDP is still
> existing
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
