Gyula Szabó created GUACAMOLE-2128:
--------------------------------------
Summary: Add query parameter to bypass automatic IdP redirect in
Guacamole SAML extension
Key: GUACAMOLE-2128
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2128
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-saml
Reporter: Gyula Szabó
{*}Summary:{*}{*}{*}
Currently, when the SAML extension is enabled in Apache Guacamole, the login
flow automatically redirects users to the IdP. This prevents access to the
built-in login form for administrative or fallback purposes. We propose adding
support for a query parameter that, when present, bypasses the automatic
redirect and instead shows the Guacamole login form.
{*}Description:{*}{*}{*}
* Problem: With SAML enabled, Guacamole immediately redirects to the IdP,
blocking the default login UI.
* Workaround today: Temporarily remove the SAML extension or adjust extension
priority.
* Desired solution: Introduce a query parameter (e.g., ?nosaml=true) that
disables the SAML redirect for that session and displays the login form.
{*}Acceptance Criteria:{*}{*}{*}
# When ?nosaml=true is appended to the Guacamole login URL, the login form is
shown instead of redirecting to the IdP.
# Default behavior (no parameter) remains unchanged: SAML users are redirected
automatically.
# Implementation should be secure, ensuring that the bypass only affects the
current request/session.
# Document the new parameter in Guacamole SAML extension docs.
{*}Benefits:{*}{*}{*}
* Allows administrators to log in with local accounts while keeping SAML
enabled.
* Provides an emergency fallback when IdP is unavailable.
* Improves flexibility without requiring manual extension management.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
