diff --git a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/connection/ConnectionService.java b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/connection/ConnectionService.java
index 0cf4e25dbe..4474bb7336 100644
--- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/connection/ConnectionService.java
@@ -40,6 +40,7 @@
 import org.apache.guacamole.net.SSLGuacamoleSocket;
 import org.apache.guacamole.net.SimpleGuacamoleTunnel;
 import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
+import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration.EncryptionMethod;
 import org.apache.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.apache.guacamole.protocol.GuacamoleClientInformation;
 import org.apache.guacamole.protocol.GuacamoleConfiguration;
@@ -176,6 +177,21 @@ public GuacamoleTunnel connect(UserData.Connection connection,
         String hostname = proxyConfig.getHostname();
         int port = proxyConfig.getPort();
 
+        // handle guacd-[hostname/port/ssl] overrides
+        String overrideGuacdHostname = connection.getGuacdHostname();
+        if (overrideGuacdHostname != null && !overrideGuacdHostname.isEmpty()) {
+            hostname = overrideGuacdHostname;
+        }
+        Integer overrideGuacdPort = connection.getGuacdPort();
+        if (overrideGuacdPort != null) {
+            port = overrideGuacdPort;
+        }
+        EncryptionMethod proxyMethod = proxyConfig.getEncryptionMethod();
+        Boolean overrideGuacdSSL = connection.getGuacdSsl();
+        if (overrideGuacdSSL != null) {
+            proxyMethod = overrideGuacdSSL ? EncryptionMethod.SSL : EncryptionMethod.NONE;
+        }
+
         // Generate and verify connection configuration
         GuacamoleConfiguration filteredConfig = getConfiguration(connection);
         if (filteredConfig == null) {
@@ -190,7 +206,7 @@ public GuacamoleTunnel connect(UserData.Connection connection,
 
         // Determine socket type based on required encryption method
         final ConfiguredGuacamoleSocket socket;
-        switch (proxyConfig.getEncryptionMethod()) {
+        switch (proxyMethod) {
 
             // If guacd requires SSL, use it
             case SSL:
diff --git a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java
index 2e3048f0fa..adc4a1adee 100644
--- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java
+++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserData.java
@@ -70,6 +70,21 @@ public static class Connection {
          */
         private String id;
 
+        /**
+         * Allows to override the guacd-hostname setting on a 'per connection' basis
+         */
+        private String guacdHostname;
+
+        /**
+         * Allows to override the guacd-port setting on a 'per connection' basis
+         */
+        private Integer guacdPort;
+
+        /**
+         * Allows to override the guacd-ssl setting on a 'per connection' basis
+         */
+        private Boolean guacdSsl;
+
         /**
          * The protocol that this connection should use, such as "vnc" or "rdp".
          */
@@ -124,6 +139,66 @@ public void setId(String id) {
             this.id = id;
         }
 
+        /**
+         * Returns the override for the guacd-hostname setting
+         *
+         * @return
+         *     The hostname to use when connecting guacd
+         */
+        public String getGuacdHostname() {
+			return guacdHostname;
+		}
+
+        /**
+         * Sets the guacd-hostname override for this connection
+         *
+         * @param guacdHostname
+         *     The hostname to use when connecting guacd
+         */
+        public void setGuacdHostname(String guacdHostname) {
+			this.guacdHostname = guacdHostname;
+		}
+
+        /**
+         * Returns the override for the guacd-port setting
+         *
+         * @return
+         *     The port to use when connecting guacd
+         */
+        public Integer getGuacdPort() {
+			return guacdPort;
+		}
+
+        /**
+         * Sets the guacd-port override for this connection
+         *
+         * @param guacdPort
+         *     The port to use when connecting guacd
+         */
+        public void setGuacdPort(Integer guacdPort) {
+			this.guacdPort = guacdPort;
+		}
+
+        /**
+         * Returns the override for the guacd-ssl setting
+         *
+         * @return
+         *     The flag if SSL should be enabled when connecting guacd
+         */
+        public Boolean getGuacdSsl() {
+			return guacdSsl;
+		}
+
+        /**
+         * Sets the guacd-ssl override for this connection
+         *
+         * @param guacdPort
+         *     The flag if SSL should be enabled when connecting guacd
+         */
+        public void setGuacdSsl(Boolean guacdSsl) {
+			this.guacdSsl = guacdSsl;
+		}
+
         /**
          * Returns the protocol that this connection should use, such as "vnc"
          * or "rdp".