GUACAMOLE-1322: Merge Docker image support for SAML.

guacamole-docker/bin/start.sh

@@ -744,6 +744,58 @@ END
 
 }
 
+##
+## Adds properties to guacamole.properties which select the SAML
+## authentication provider, and configure it to connect to the specified SAML
+## provider.
+##
+associate_saml() {
+
+    # Verify required parameters are present
+    if [ -z "$SAML_IDP_METADATA_URL" ] && \
+       [ -z "$SAML_ENTITY_ID" -o -z "$SAML_CALLBACK_URL" ]
+    then
+        cat <<END
+FATAL: Missing required environment variables
+-------------------------------------------------------------------------------
+If using a SAML authentication, you must provide either SAML_IDP_METADATA_URL
+or both SAML_ENTITY_ID and SAML_CALLBACK_URL environment variables:
+
+    SAML_IDP_METADATA_URL   The URI of the XML metadata file that from the SAML Identity
+                            Provider that contains all of the information the SAML
+                            extension needs in order to know how to authenticate with
+                            the IdP. This URI can either be a remote server (e.g. https://)
+                            or a local file on the filesystem (e.g. file://).
+
+    SAML_ENTITY_ID          The entity ID of the Guacamole SAML client, which is
+                            generally the URL of the Guacamole server
+
+    SAML_CALLBACK_URL       The URL that the IdP will use once authentication has
+                            succeeded to return to the Guacamole web application and
+                            provide the authentication details to the SAML extension.
+END
+        exit 1;
+    fi
+
+    # Update config file
+    set_optional_property "saml-idp-metadata-url"            "$SAML_IDP_METADATA_URL"
+    set_optional_property "saml-idp-url"                     "$SAML_IDP_URL"
+    set_optional_property "saml-entity-id"                   "$SAML_ENTITY_ID"
+    set_optional_property "saml-callback-url"                "$SAML_CALLBACK_URL"
+    set_optional_property "saml-strict"                      "$SAML_STRICT"
+    set_optional_property "saml-debug"                       "$SAML_DEBUG"
+    set_optional_property "saml-compress-request"            "$SAML_COMPRESS_REQUEST"
+    set_optional_property "saml-compress-response"           "$SAML_COMPRESS_RESPONSE"
+    set_optional_property "saml-group-attribute"             "$SAML_GROUP_ATTRIBUTE"
+
+    # Add required .jar files to GUACAMOLE_EXT
+    # "1-{}" make it sorted as a first provider (only authentication)
+    # so it can work together with the database providers (authorization)
+    find /opt/guacamole/saml/ -name "*.jar" | awk -F/ '{print $NF}' | \
+    xargs -I '{}' ln -s "/opt/guacamole/saml/{}" "${GUACAMOLE_EXT}/1-{}"
+
+}
+
 ##
 ## Adds properties to guacamole.properties which configure the TOTP two-factor
 ## authentication mechanism.
@@ -993,6 +1045,12 @@ if [ -n "$OPENID_AUTHORIZATION_ENDPOINT" ]; then
     INSTALLED_AUTH="$INSTALLED_AUTH openid"
 fi
 
+# Use SAML if specified
+if [ -n "$SAML_IDP_METADATA_URL" ]; then
+    associate_saml
+    INSTALLED_AUTH="$INSTALLED_AUTH saml"
+fi
+
 #
 # Validate that at least one authentication backend is installed
 #
@@ -1055,4 +1113,3 @@ fi
 #
 
 start_guacamole
-