Hi,
I'd like to report a bug in Guacamole 1.6.0 that makes the Admin UI
unusable for managing user groups when using PostgreSQL + OIDC.
## Summary
Clicking on any user group in Settings → Groups results in an infinite
loading spinner. The page never loads.
## Steps to Reproduce
1. Install Guacamole 1.6.0 with guacamole-auth-jdbc-postgresql +
guacamole-auth-sso-openid
2. Configure OIDC with any provider (tested with Authentik)
3. Create user groups (via SQL or API)
4. Log in as any admin user (OIDC or local guacadmin)
5. Navigate to Settings → Groups
6. Groups are listed correctly
7. Click on any group → Infinite spinner, page never loads
This affects all users (OIDC and local) as long as the
guacamole-auth-jdbc-postgresql extension is loaded.
## Root Cause
The bug is in the AngularJS frontend, involving two files:
### 1. guacSettingsUserGroups.js — wrong dataSource assignment
When building ManageableUserGroup objects, the code iterates over all
registered data sources (postgresql, postgresql-shared, openid) to check
permissions. If permissions resolve via "postgresql-shared" before
"postgresql" (due to iteration order), the group link is built with the
wrong dataSource:
#/manage/postgresql-shared/userGroups/my-group
But user groups only exist in the "postgresql" data source. The
postgresql-shared data source (SharedUserContext) has no
UserGroupDirectory.
### 2. manageUserGroupController.js — missing error handling
When the user clicks the group link, the detail controller reads
dataSource from the URL ("postgresql-shared") and makes API calls:
$q.all({
userGroupData : loadRequestedUserGroup(), // has .catch() ✓
permissions : dataSourceService.apply(...), // has .catch()
✓
userGroups : userGroupService.getUserGroups(dataSource, ...),
// NO .catch() ✗
users : userService.getUsers(dataSource, ...),
// NO .catch() ✗
attributes : schemaService.getUserGroupAttributes(dataSource)
// NO .catch() ✗
}).then(function dataReceived(values) { ... }, requestService.WARN);
The calls against postgresql-shared return 404 (no management API for
these object types). Without .catch() handlers, $q.all rejects and
dataReceived is never called. The template stays in loading state.
API responses observed in browser DevTools:
GET .../api/session/data/postgresql-shared/userGroups/my-group → 404
Console: INTERNAL_ERROR undefined
## Suggested Fix
Either approach would fix the issue:
**Option A (preferred):** In guacSettingsUserGroups.js, when building
ManageableUserGroup objects, prefer data sources that actually have a
UserGroupDirectory (skip postgresql-shared and openid which return empty
directories).
**Option B:** In manageUserGroupController.js, add
.catch(requestService.defaultValue(...)) to the unprotected calls. This
matches the pattern already used by dataSourceService.apply().
## Workaround
Remove PostgreSQLSharedAuthenticationProvider from the JDBC PostgreSQL
extension JAR (remove from guac-manifest.json authProviders array and
delete the .class file, repackage). Trade-off: connection sharing no
longer works.
## Environment
- Guacamole: 1.6.0
- Extensions: guacamole-auth-jdbc-postgresql + guacamole-auth-sso-openid
- Database: PostgreSQL 17
- OIDC Provider: Authentik (any provider triggers this)
- Deployment: Docker (guacamole/guacamole:1.6.0)
Thanks,
Marcus
Mit freundlichem Gruß
Marcus Romeike
Geschäftsführer UWFUN GmbH
Te.: 0049 4296 76 29 000
