[jira] [Closed] (GUACAMOLE-771) OpenID Auth Not Redirecting

Sat, 06 Apr 2019 11:58:36 -0700 


     [ 
https://issues.apache.org/jira/browse/GUACAMOLE-771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Jumper closed GUACAMOLE-771.
------------------------------------
    Resolution: Invalid

Indeed not a bug, and the conversation has moved to the mailing list:

https://lists.apache.org/thread.html/b781a5c4e4d14f7ce297200ba6886d888df4333f83836220ac8b69f1@%3Cuser.guacamole.apache.org%3E

> OpenID Auth Not Redirecting
> ---------------------------
>
>                 Key: GUACAMOLE-771
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-771
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-openid
>    Affects Versions: 1.0.0
>         Environment: Ubuntu 18
>            Reporter: Craig Bloodworth
>            Priority: Minor
>              Labels: newbie, security
>
> Maybe I'm not fully understanding how the OpenID extension should work, but I 
> believe instead of logging in with the standard Guacamole client login screen 
> the user should be forwarded to the OpenID Connect IdP (in this case Google) 
> to authenticate and then be sent back to the Guacamole client. In the case of 
> my implementation this redirect isn't happening.
> The extension is loaded:
> {quote}09:00:44.048 [localhost-startStop-1] INFO 
> o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
> 09:00:45.357 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - 
> Extension "MySQL Authentication" loaded.
> 09:00:45.361 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment 
> - GUACAMOLE_HOME is "/etc/guacamole".
> 09:00:45.533 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - 
> Extension "OpenID Authentication Extension" loaded.
> {quote}
> And the guacamole.properties file is configured:
> {quote}openid-authorization-endpoint: 
> https://accounts.google.com/o/oauth2/v2/auth
> openid-jwks-endpoint: https://www.googleapis.com/oauth2/v3/certs
> openid-issuer: https://accounts.google.com
> openid-client-id: 
> xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
> openid-redirect-uri: https://servers.xxxxxxxxxxxxxxxx.co.uk
> openid-username-claim-type: email
> openid-scope: openid email profile
> openid-allowed-clock-skew: 60
> openid-max-token-validity: 300
> openid-max-nonce-validity: 10
> {quote}
> But only the standard login screen is shown. What am I missing?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to